There has been significant interest recently in detecting and mitigating routing anomalies in the operation of the Border Gateway Protocol (BGP). Major incidents have been reported in recent months and years that involved compromise of the routing infrastructure on the Internet. These incidents or attacks have resulted in misrouted traffic and denial of service. Prefix hijack attacks, in which a BGP update with false origin information is propagated, have been the subject of multiple recent studies. These attacks need to be detected early and accurately so that their propagation through the Internet can be stopped and damage can be mitigated quickly. Early approaches to developing BGP security extensions have failed, but new research directions in heuristic, data-driven approaches to suppressing erroneous and malicious BGP messages show some practical promise. The development of measurement and modeling techniques that can characterize the quality of the information sources and decision processes that underlie these proposals is vital to expediting their design, development and deployment cycles.
The broad scope of our study is BGP robustness as well as Internet routing scalability. This work includes several subtopics such as: (1) Simulation of large-scale attacks on the Internet routing infrastructure (i.e., exploitation of BGP vulnerabilities) and measurement of metrics that quantify routing disruption and degradation due to the attacks, (2) Verification of the Internet Routing Registry (IRR) and Regional Internet Registry (RIR) data for accuracy and completeness, (3) Algorithms for validation of the Internet routing information using observed BGP update message data and the declared data in the registries (RIRs, IRRs), (4) Cost-benefit analysis of implementation of BGP security countermeasures, and (5) Performance study of new architectures aimed at resolving the imminent scaling problems associated with routing and addressing in the Internet. We have studied some of these subtopics in depth and have published our results, and we are continuing or beginning research on some of the other subtopics listed above. The final goal of these studies is to contribute to technology development and standards specification that will address the Internet routing security and scalability problems that are a major concern for the industry.
We are funded for this work in part by the DHS Science and Technology organization. We are collaborating with DHS S&T to develop the above-mentioned test and measurement techniques to characterize the effectiveness and potential limitations of new BGP robustness mechanisms. Promising techniques will be channeled into specific deployment recommendations and guidance for the USG. This work is ultimately meant to be of use to the Internet Service Providers who manage the BGP routers whose operation these mechanisms will influence to achieve Internet routing robustness.
Poster Presentations at the Cybersecurity Applications and Technology Conference for Homeland Security (CATCH), Washington D.C., March 3-4, 2009.
The National Institute of Standards and Technology is an Agency of the
U.S. Commerce Department's Technology Administration
Date Created: March 2009
Created by: email@example.com
Last updated: May, 2010