Final Report Summary - SIRENS (Securing Internet Routing: Economics vs. Network Security)
To deal with these vulnerabilities, the Internet community has spent almost two decades considering a variety of protocols for securing BGP. Today, however, Internet routing remains largely unprotected by BGP security protocols. The sluggish deployment of BGP security is the result of economic, operational, and policy challenges. The root cause for this situation is that the Internet lacks a single authority that can mandate deployment of BGP security upgrades. Deployment decisions are instead made by independently operated networks according to their own local policy and business objectives. BGP security is adopted by a network only if its security benefits are thought to justify its deployment and operational costs. Moreover, the diversity of BGP security protocols has led to some controversy as to which protocol should actually be deployed. This issue is exacerbated by the fact that each protocol offers different security benefits and comes with different costs.
My CIG-funded research focused on identifying the obstacles facing the realisation of today's agenda for securing BGP routing (as advocated, e.g. by the Internet Engineering Task Force). I tackled the following questions: What is the adoption status of BGP security? What are the implications for global security of partial adoption? What are the root-causes for slow adoption? How can deployment be pushed forward? I addressed these questions through a combination of theoretical and empirical analyses, surveys of many network practitioners, and extensive simulations.
The results of this project exposed severe obstacles facing today's approach to securing routing on the Internet, including lack of sufficient value for early adopters, resulting in the classical chicken and egg problem facing the deployment of new Internet protocols (little incentive to adopt until many others have already adopted). To remedy this, my research proposed guidelines for engineering the deployment process in an incentive-oriented manner so as to drive deployment forward. My co-authors and I also proposed an easily deployable and modest extension to today's approach, called “path-end validation”, which can significantly enhance routing security. We showed, through rigorous security analyses and extensive simulations on empirically derived datasets, that path-end validation yields significant benefits even in very limited partial adoption. We presented an open-source, readily deployable prototype implementation of path-end validation.