Sign In

Communications of the ACM


Why Is It Taking So Long to Secure Internet Routing?

Why Is It Taking So Long to Secure Internet Routing?, illustration

Credit: Alicia Kubista / Andrij Borys Associates

back to top 

The Border Gateway Protocol (BGP) is the glue that holds the Internet together, enabling data communications between large networks operated by different organizations. BGP makes Internet communications global by setting up routes for traffic between organizations—for example, from Boston University's network, through larger ISPs such as Level3, Pakistan Telecom, and China Telecom; then on to residential networks such as Comcast or enterprise networks such as Bank of America.

While BGP plays a crucial role in Internet communications, it remains surprisingly vulnerable to attack. The past few years have seen a range of routing incidents that highlight the fragility of routing with BGP. They range from a simple misconfiguration at a small Indonesian ISP that took Google offline in parts of Asia,32 to a case of BGP-based censorship that leaked out of Pakistan Telecom and took YouTube offline for most of the Internet,2 to a routing error that caused a large fraction of the world's Internet traffic to be routed through China Telecom,6 to highly targeted traffic interception by networks in Iceland and Belarus.34


Russ White

While the RPKI is useful, BGPSEC itself is undeployable, will ossify BGP, and most likely end up causing more problems than it solves in terms of attack surfaces, etc. Unfortunately, politics within the IETF have not allowed any alternatives to be considered. So part of the reason the BGP ecosystem has been so slow to be secured is because no solutions have been put forward that will actually meet any sort of real cost/benefit tradeoff.

When a system is proposed that will actually provide a real cost/benefit tradeoff, then security will move forward.

Displaying 1 comment

Log in to Read the Full Article

Sign In

Sign in using your ACM Web Account username and password to access premium content if you are an ACM member, Communications subscriber or Digital Library subscriber.

Need Access?

Please select one of the options below for access to premium content and features.

Create a Web Account

If you are already an ACM member, Communications subscriber, or Digital Library subscriber, please set up a web account to access premium content on this site.

Join the ACM

Become a member to take full advantage of ACM's outstanding computing information resources, networking opportunities, and other benefits.

Subscribe to Communications of the ACM Magazine

Get full access to 50+ years of CACM content and receive the print version of the magazine monthly.

Purchase the Article

Non-members can purchase this article or a copy of the magazine in which it appears.