We’re excited to announce the third Radiant Award recipient, Claudio Jeker.
When we at ISRG think about the greatest threats to Web security today, the lack of Border Gateway Protocol (BGP) security might top our list. Claudio's passion for networking, his focus on security, and his talent as a software developer are enabling him to make great contributions to fixing this and other Web security problems. In particular, he is making great contributions to OpenBSD and OpenBGPD.
Our partner in making today’s award possible is Internet Society. We’d like to thank them for their generous support of this award and its recipient.
Claudio has taken the time to write some thoughts about his work. We're happy to share them below.
When I learned I was the recipient of a Radiant Award, I was very surprised and excited! My work as OpenBSD contributor and lead developer of OpenBGPD sometimes feels visible to only a small group of people. But regardless of visibility, I believe it is pertinent and has helped improve Internet security in many ways.
OpenBSD is well known for its security practices and principles. The security angle was a goal from the start of the OpenBSD project, and even though focus areas changed over time, this north star remains. This dream was not only about fixing security holes, but also learning from them and applying those lessons across the board. One of the key tricks is restricting privileges to the minimal required. One way this can be done is using privilege separation. Many daemons in OpenBSD are privilege separated. The basic idea is to split a process into multiple processes, each running with minimum privileges.
In the last two years I focused primarily on OpenBGPD, an open source implementation of the Border Gateway Protocol version 4 ("BGP-4"). Through BGP-4, service providers distribute the network routing information that makes the Internet...the Internet. Unfortunately BGP-4 has a big flaw: it was designed assuming a fair degree of trust and gracious cooperation.
An all too common assumption is that all your adjacent BGP-4 speaking networks will only announce correct information to you. However, the BGP-4 protocol itself doesn't do much to guard against misconfiguration or adversarial operations on the other side. On a very frequent interval, Routing Table leaks spread through BGP-4 (either by accident or for malicious reasons), causing large outages. It is only possible to mitigate these effects by rigorously filtering every BGP-4 route announcement. These filters are most effective when applied at important inter-connection points such as the administrative boundary between organisations connected to the Internet.
OpenBSD's BGP implementation was built with privilege separation ("privsep") in mind. Because of 'privsep', the exploit risk surface is reduced, but also the system has the opportunity to become more scalable. Before I started my work, the filtering capabilities were limited. Processing updates with large rulesets took too long. It is not ideal when network updates are delayed. Using fast lookup tables and a ruleset optimiser made a huge difference and now OpenBGPD scales nicely to hundreds of sessions. As a side effect of the privsep design, even peak workloads won't cause service interruptions, since the load is distributed across multiple processes.
And this is where my work has impact on everyone's daily lives. OpenBGPD is a key software component used by many Internet Exchange Points to help redistribute Internet routing information. Any security improvements at this level of the core infrastructure positively impact the Internet experience for everyone!
- Claudio Jeker, December 2019