Skip to main content

Securing Internet Routing: Economics vs. Network Security

Final Report Summary - SIRENS (Securing Internet Routing: Economics vs. Network Security)

On June 12, 2015, an incident in the Asia-Pacific region caused network performance problems for hundreds of thousands of Internet destinations, including Facebook and Amazon.24,37 It was not the result of a natural disaster, a failed transatlantic cable, or a malicious attack. Instead, it resulted from a misconfiguration at a Malaysian ISP that inadvertently exploited the Internet's Border Gateway Protocol (BGP) to disrupt connectivity at networks in Malaysia and beyond. BGP establishes Internet connectivity by setting up routes between independently operated networks. Over the past two decades, several high-profile routing incidents (often resulting from misconfigurations) have regularly demonstrated that BGP is highly vulnerable to malicious attacks. BGP attacks cause a victim network Internet traffic to be rerouted to the attacker's own network. The rerouted traffic might then be dropped before it reaches its legitimate destination or, more deviously, be subject to eavesdropping, traffic analysis, or tampering.

To deal with these vulnerabilities, the Internet community has spent almost two decades considering a variety of protocols for securing BGP. Today, however, Internet routing remains largely unprotected by BGP security protocols. The sluggish deployment of BGP security is the result of economic, operational, and policy challenges. The root cause for this situation is that the Internet lacks a single authority that can mandate deployment of BGP security upgrades. Deployment decisions are instead made by independently operated networks according to their own local policy and business objectives. BGP security is adopted by a network only if its security benefits are thought to justify its deployment and operational costs. Moreover, the diversity of BGP security protocols has led to some controversy as to which protocol should actually be deployed. This issue is exacerbated by the fact that each protocol offers different security benefits and comes with different costs.

My CIG-funded research focused on identifying the obstacles facing the realisation of today's agenda for securing BGP routing (as advocated, e.g. by the Internet Engineering Task Force). I tackled the following questions: What is the adoption status of BGP security? What are the implications for global security of partial adoption? What are the root-causes for slow adoption? How can deployment be pushed forward? I addressed these questions through a combination of theoretical and empirical analyses, surveys of many network practitioners, and extensive simulations.

The results of this project exposed severe obstacles facing today's approach to securing routing on the Internet, including lack of sufficient value for early adopters, resulting in the classical chicken and egg problem facing the deployment of new Internet protocols (little incentive to adopt until many others have already adopted). To remedy this, my research proposed guidelines for engineering the deployment process in an incentive-oriented manner so as to drive deployment forward. My co-authors and I also proposed an easily deployable and modest extension to today's approach, called “path-end validation”, which can significantly enhance routing security. We showed, through rigorous security analyses and extensive simulations on empirically derived datasets, that path-end validation yields significant benefits even in very limited partial adoption. We presented an open-source, readily deployable prototype implementation of path-end validation.