Sharon Goldberg: The Transition to BGP Security: Is the Juice Worth the Squeeze?

Sharon Goldberg, Boston University
The Transition to BGP Security: Is the Juice Worth the Squeeze?
The Internet's interdomain routing system is notoriously insecure. After more than a decade of effort, we are finally seeing the initial deployment of the Resource Public Key Infrastructure (RPKI), which certifies IP address allocations using a centralized infrastructure of trusted authorities. To further improve security, standards bodies are developing BGPSEC, a protocol for certifying advertised routes.
In this talk, I discuss the benefits and attendant complications of transitioning from legacy BGP to the RPKI and then to BGPSEC. I argue that transitioning to the RPKI is the most crucial step from a security perspective, but that it raises new technical and policy challenges. My argument is based on (1) our theoretical and experimental analysis of the security benefits of BGPSEC during the transition, when BGPSEC coexists alongside legacy insecure BGP, and (2) an analysis of the RPKI in a threat model where its trusted authorities are misconfigured, compromised, or compelled (e.g. by governments) to behave abusively.

Пікірлер: 6

  • @sharongoldberg2462
    @sharongoldberg246210 жыл бұрын

    Hi alefstein1: Yes, most BGP routers have prefix-maxlength filter are configured not to accept /32 prefixes; the longest prefix they usually accept is a /24. However, I chose to show this Spamhaus/Cyberbunker/Greenhost incident because its one of the few subprefix hijacks that we have seen in the wild, that we know are malicious. In all other hijacks we have seen in the wild, the hijacker claimed it was an accident. But, in these other incidents, (eg Pakistan telecom hijacks KZread, the 2010 China Telecom incident, etc), the hijacker announced a /24 or shorter prefix; for these incidents, a prefix-length filter would not stop this hijack. I talk about this around minute 4:30, although its a bit difficult to hear the question that was asked from the audience.

  • @solsav
    @solsav6 жыл бұрын

    Great talk. Two years after this talk path-end validation [Cohen et. al., SIGCOM'16] was proposed and then 2-hop validation came along and those proposals did not suffer from the same plagues that BGPSec did. I wonder how many AS'es are using path-end validation now. Is it even commercially deployed?

  • @afj0592
    @afj05925 жыл бұрын

    nice lecture..though it would be better if you slow down :)

  • @alefstein1
    @alefstein110 жыл бұрын

    huh ? i did not create any BGP connections in the past years but as far as i remember you don't have to accept /32. these attacks were due to human errors. the people who configure the BGP from both sides should verify that the routes they are accepting actually belong to the customer/other end.

  • @DeepanshuLulla1891
    @DeepanshuLulla18918 жыл бұрын

    That was awesome :D

  • @TremendousSax
    @TremendousSax6 жыл бұрын

    What a babe. Incredible talk