Securing Internet Routing

14.07.2017 11:00-12:00

Securing Internet Routing

14.07.2017, 11:00 – 12:00

Speaker: Amir Herzberg, Bar Ilan University, Israel | Location: Rheinstraße 75, Fraunhofer SIT, Darmstadt

Organizer: CROSSING

Abstract

Routing is the basic infrastructure connecting the Internet together; yet, it remains woefully insecure, in spite of extensive standardization and R&D efforts over decades. In the recent years, most efforts focus on two mechanisms: the Border Gateway Protocol security enhancements (BGPsec), and the Routing Public Key Infrastructure (RPKI). for origin authentication, and BGPsec for path validation.

RPKI is easier to deploy, and also a pre-requisite to BGPsec. Properly deployed, RPKI will prevent devastating, common attacks such as IP prefix hijacking; indeed, there are extensive efforts to encourage deployment. However, we show measurements indicating that RPKI deployment is slow – and, worse, there are many deployment errors. We study the impact and causes of this slow, partial adoption, and explore ways to improve deployment.

Adoption of BGPsec, on the other hand, struggles with inherent, possibly insurmountable, obstacles, including the need to upgrade today’s routing infrastructure and meager benefits in partial deployment. Therefore, we propose an easily-deployable alternative: {\em path-end validation}. Extensive simulations on empirically-derived datasets show that path-end validation yields significant benefits – even in limited, partial adoption – much improving compared to BGPsec.

Finally, we discuss the inherent security limitations of the current routing protocols, and ongoing works toward an alternative routing infrastructure, which will ensure connectivity even under extreme Denial-of-Service attacks.

Joint work with Avichai Cohen, Yossi Gilad, Adrian Perrig, Raphael Reischuk, Michael Schapira, Roee Shlomo, Haya Shulman.

Short Bio

Amir Herzberg is a tenured professor in the Computer Science department at Bar Ilan University, Israel. And he is also a member of the Fraunhofer Project Center for Cybersecurity (in the Hebrew University, Jerusalem).

zur Liste