There has been significant interest recently in detecting and mitigating routing anomalies in the operation of the Border Gateway Protocol (BGP). Major incidents have been reported in recent months and years that involved compromise of the routing infrastructure on the Internet. These incidents or attacks have resulted in misrouted traffic and denial of services. Prefix hijack attacks in which a BGP update with false origin information is propagated has been the subject of multiple recent studies. These attacks need to be detected early and accurately so that their propagation through the Internet can be stopped and damage can be mitigated quickly. Early approaches to develop BGP security extensions have failed, but new research directions in heuristic, data driven approaches to suppressing erroneous and malicious BGP messages show some practical promise. The development of measurement and modeling techniques that can characterize the quality of the information sources and decision processes that underlie these proposals is vital to expediting their design, development and deployment cycles.
The broad scope of our study is BGP robustness as well as Internet routing scalability. This work includes several subtopics such as: (1) Simulation of large-scale attacks on the Internet routing infrastructure (i.e., exploitation of BGP vulnerabilities) and measurement of metrics that quantify routing disruption and degradation due to the attacks, (2) Verification of the Internet Routing Registry (IRR) and Regional Internet Registry (RIR) data for accuracy and completeness, (3) Algorithms for validation of the Internet routing information using observed BGP update message data and the declared data in the registries (RIRs, IRRs), (4) Collaborating with the IETF participants to design and develop Resource Private Key Infrastructure (RPKI) and RPKI-based BGP security mechanisms, (5) Cost-benefit analysis of implementation of BGP security countermeasures, and (6) Performance study of new architectures aimed at resolving the imminent scaling problems associated with routing and addressing in the Internet. We have researched some of these subtopics well and have published our results, and we are continuing or beginning research in some of the other subtopics listed above. The final goal of these studies is to contribute to technology development and standards specification that will address the Internet routing security and scalability problems that are a major concern for the industry.
We are funded for this work in part by the DHS Science and Technology organization. We are collaborating with DHS S&T, industry partners, and the IETF to develop the above mentioned test and measurement techniques to characterize the effectiveness and potential limitations of new BGP robustness and security mechanisms. Promising techniques will be channeled into specific deployment recommendations and guidance for the USG. This work is ultimately meant to be of utility to the Internet Service Providers who manage the BGP routers whose operation these mechanisms will influence to achieve Internet routing robustness and security.
Working with industry and Government to design, standardize, test and foster commercial deployment of new technologies and techniques to improve the security, robustness and scaling of core Internet infrastructure. This project is sponsored in part by the DHS S&T SPRI Program.
Additional Technical Details:
Significant progress has been made in all areas of listed above.
Lead Organizational Unit:itl
100 Bureau Drive