Secure and Reliable Interdomain Routing

Interdomain routing is the process by which different ISPs' networks share information about how to reach destinations on the Internet. However, the information contained within BGP, the protocol used for interdomain routing, is not authenticated, meaning that an attack or misconfiguration by a router anywhere on the Internet can affect the global flow of traffic to any destination, rendering the destination unreachable and/or allowing an adversary to read/modify packets and even impersonate the destination.

While proposals for securing BGP have been around for quite some time, no protocol design has been adopted and deployed on the Internet due to significant adoption hurdles. A major aspect of our work is to explore designs that reduce these deployment hurdles and to explore how different protocol designs affect adoption. We also look at how different approaches (e.g., multi-path routing) can protect traffic against attacks or errors from routers already on a legitimate path, which BGP cannot handle at all.

Improving the Adoptability of BGP Security

Deploying a more secure version of BGP is fraught with adoption hurdles that are tied deeply into the design assumptions of any solution. For example, the efficiency of the cryptographic primitives used to authenticate secure routing data determines whether routers will need to include new crypto-acceleration hardware to support secure BGP. The Secure Path Vector (SPV) proposal uses efficient symmetric key cryptography to significantly reduce the cost of signing and verifying routing announcements. The creation of a PKI to establish public keys to authenticate address space ownership and identify ASes is another case where BGP adoption faces a large one-time cost. Our "Grassroots PKI" proposal offers a novel mechanism that lets the PKI start out in a simple manner and grow more secure over time. Finally, the exact type of protection offered by a routing protocol affects the level of protection it provides during partial deployment. Our work on modelling the adoption of secure routing demonstrates the benefits of various past proposals on Internet topologies.

Papers

Hu, Yih-Chun, Adrian Perrig, and Marvin Sirbu. "SPV: Secure Path Vector Routing for Securing BGP." In Proceedings of the ACM Sigcomm (SIGCOMM '04), Portland, Oregon, September 2004. [ PDF ]

Chan, Haowen, Debabrata Dash, Adrian Perrig, and Hui Zhang. "Modeling Adoptability of Secure BGP Protocols." In Proceedings of the ACM Sigcomm (SIGCOMM '06), Pisa, Italy, September 11-15, 2006. [ PDF ]

Hu, Yih-Chun, David McGrew, Adrian Perrig, Brian Weis, and Dan Wendlandt. "(R)Evolutionary Bootstrapping of a Global PKI for Secure BGP." In the Workshop on Hot Topics in Networks (HotNets'06), Irvine, CA, November 29-30, 2006. [ PDF ]

Multi-Path Availability Centric Routing

Unlike traditional secure interdomain routing research, which focuses on cryptographically securing the contents of the BGP protocol to avoid invalid announcements, we explore the possibility of having the infrastructure expose many possible paths (including potentially false routes) and allowing end-hosts to select among those paths to determine which path "works". Since most end-host traffic that needs strong security is already capable of recognizing the valid destination using end-to-end mechanisms like SSL and IPsec, this approach offers powerful robustness with only minor changes to the infrastructure, and none of the cryptographic and management overhead of securing BGP. We refer to this simple and light-weight approach as Availability Centric Routing, because the infrastructure is focused on making sure at least one legitimate path is available, not on the correctness of all routing information.
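
The end-host selection step described above, as an added illustration (not code from the project or its papers): the host probes each exposed path and keeps the first one whose endpoint authenticates end to end. A pre-shared HMAC key stands in for SSL or IPsec, and the paths, documentation-range AS numbers and function names are constructed for the example.

```python
import hashlib
import hmac
import os

# Assumption: stand-in for SSL/IPsec. The end host can already recognise the
# real destination because only that destination holds this key.
DEST_KEY = b"constructed-demo-key"


def make_responder(key):
    """Endpoint that answers a nonce with HMAC-SHA256 under the key it holds."""
    return lambda nonce: hmac.new(key, nonce, hashlib.sha256).digest()


def probe(path, nonce):
    """Send the nonce along one path; None models a path that drops traffic."""
    endpoint = path["endpoint"]
    return endpoint(nonce) if endpoint else None


def select_working_path(paths, key=DEST_KEY):
    """Try each exposed path in order; return (chosen path or None, probe log)."""
    log = []
    for path in paths:
        nonce = os.urandom(16)  # fresh challenge per probe, so replies cannot be replayed
        reply = probe(path, nonce)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if reply is None:
            log.append((path["as_path"], "no reply"))
        elif hmac.compare_digest(reply, expected):
            log.append((path["as_path"], "authenticated"))
            return path, log
        else:
            log.append((path["as_path"], "failed authentication"))
    return None, log


# Constructed sample: the infrastructure exposes three paths without vouching for any.
CANDIDATE_PATHS = [
    {"as_path": (64496, 64511), "endpoint": make_responder(b"impostor-key")},  # false route
    {"as_path": (64496, 64497, 64510), "endpoint": None},                      # traffic dropped
    {"as_path": (64496, 64498, 64499), "endpoint": make_responder(DEST_KEY)},  # legitimate
]

if __name__ == "__main__":
    chosen, log = select_working_path(CANDIDATE_PATHS)
    for as_path, outcome in log:
        print(as_path, outcome)
    print("selected:", chosen["as_path"] if chosen else None)
```

When every exposed path fails the check, the function returns no path: the traffic is not delivered, but it is not handed to an impostor either.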


Papers

Wendlandt, Dan, Ioannis Avramopoulos, David Andersen, and Jennifer Rexford. "Don't Secure Routing, Secure Data Delivery." In the Workshop on Hot Topics in Networks (HotNets'06), Irvine, CA, November 29-30, 2006. [ PDF ]