Evaluating security-enhanced interdomain routing protocols in full and partial deployment

Abstract

The Internet consists of over 50 thousand smaller networks, called Autonomous Systems (ASes) (e.g., AT&T, Sprint, Google), that use the Border Gateway Protocol (BGP) to figure out how to reach each other. One way or another, we all rely on BGP because it is what glues the Internet together, but despite its crucial role, BGP remains vulnerable to propagation of bogus routing information due to malicious attacks or unintentional misconfigurations.

The United States Department of Homeland Security (DHS) views BGP security as part of its national strategy for securing the Internet, and there is a big push to standardize a secure variant of BGP (S*BGP) by the Internet Engineering Task Force (IETF). However, S*BGP properties and their impact on the Internet's routing infrastructure, especially in partial deployment, have not yet been fully understood.

To address this issue, in this thesis we use methodologies from applied cryptography, algorithms, and large scale simulations to study the following three key properties with respect to their deployment:

1. provable security guarantees, 2. stability in full and partial deployment with or without attackers, 3. benefits and harm resulting from full and partial deployment.

With our analysis we have discovered possible security weaknesses in previously proposed secure BGP variants and suggest possible fixes to address them. Our analysis also reveals that security benefits from partially deployed S*BGP are likely to be meager, unless a significant fraction of ASes deploy it. At the same time, complex interactions between S*BGP and the insecure, legacy BGP can introduce new vulnerabilities and instabilities into the Internet's routing infrastructure. We suggest possible strategies for mitigating such pitfalls and facilitating S*BGP deployment in practice.