
Communications of the ACM

Contributed articles

Rethinking Security For Internet Routing


Rethinking Security for Internet Routing, illustration

Credit: PILart

On June 12, 2015, an incident in the Asia-Pacific region caused network performance problems for hundreds of thousands of Internet destinations, including Facebook and Amazon.[24,37] It was not the result of a natural disaster, a failed transatlantic cable, or a malicious attack. Instead, it resulted from a misconfiguration at a Malaysian ISP that inadvertently exploited the Internet's Border Gateway Protocol (BGP) to disrupt connectivity at networks in Malaysia and beyond. BGP establishes Internet connectivity by setting up routes between independently operated networks. Over the past two decades, several high-profile routing incidents (often resulting from misconfigurations[4,8,28,30,37]) have regularly demonstrated that BGP is highly vulnerable to malicious attacks. BGP attacks cause a victim network's Internet traffic to be rerouted to the attacker's own network. The rerouted traffic might then be dropped before it reaches its legitimate destination[4,28,30,37] or, more deviously, be subject to eavesdropping,[2,32] traffic analysis,[36] or tampering.[15,21,34]


Barriers to securing BGP. To deal with these vulnerabilities, the Internet community has spent almost two decades considering a variety of protocols for securing BGP.[5] Today, however, Internet routing remains largely unprotected by BGP security protocols. The sluggish deployment of BGP security is the result of economic, operational, and policy challenges. The root cause for this situation is that the Internet lacks a single authority that can mandate deployment of BGP security upgrades. Deployment decisions are instead made by independently operated networks according to their own local policy and business objectives. BGP security is adopted by a network only if its security benefits are thought to justify its deployment and operational costs. Moreover, the diversity of BGP security protocols has led to some controversy as to which protocol should actually be deployed. This issue is exacerbated by the fact that each protocol offers different security benefits and comes with different costs.


Comments


Russ White

Several things -- the reason BGP security is not deployed is not because "there is no central authority to impose it on the Internet..." The reason is that the folks who design these things haven't come up with something that actually makes sense in the real world in terms of cost versus benefit. Second, path validation in the way BGPSEC does it is not "the gold standard" -- it actually opens its own set of security holes that often simply aren't addressed.

What really needs to happen is a group of like-minded operators need to work together to find and build a set of systems that will solve 80% of the problems actually seen, and then to find ways to solve the other 20% over time -- especially as that 20% is likely to change over time. There are already groups working on such solutions -- though they tend to stay "under the radar" because of the many political issues involved with working in this space.

Overall, interesting article, but a somewhat incomplete and one-sided view of the problem space and available solutions.

