Show simple item record

dc.contributor.advisorFeamster, Nick
dc.contributor.advisorBoldyreva, Alexandra
dc.contributor.authorLychev, Robert D.
dc.date.accessioned2014-08-27T13:41:47Z
dc.date.available2014-08-27T13:41:47Z
dc.date.created2014-08
dc.date.issued2014-07-01
dc.date.submittedAugust 2014
dc.identifier.urihttp://hdl.handle.net/1853/52325
dc.description.abstractThe Internet consists of over 50 thousand smaller networks, called Autonomous Systems (ASes) (e.g., AT&T, Sprint, Google), that use the Border Gateway Protocol (BGP) to figure out how to reach each other. One way or another, we all rely on BGP because it is what glues the Internet together, but despite its crucial role, BGP remains vulnerable to propagation of bogus routing information due to malicious attacks or unintentional misconfigurations. The United States Department of Homeland Security (DHS) views BGP security as part of its national strategy for securing the Internet, and there is a big push to standardize a secure variant of BGP (S*BGP) by the Internet Engineering Task Force (IETF). However, S*BGP properties and their impact on the Internet's routing infrastructure, especially in partial deployment, have not yet been fully understood. To address this issue, in this thesis we use methodologies from applied cryptography, algorithms, and large scale simulations to study the following three key properties with respect to their deployment: 1. provable security guarantees, 2. stability in full and partial deployment with or without attackers, 3. benefits and harm resulting from full and partial deployment. With our analysis we have discovered possible security weaknesses in previously proposed secure BGP variants and suggest possible fixes to address them. Our analysis also reveals that security benefits from partially deployed S*BGP are likely to be meager, unless a significant fraction of ASes deploy it. At the same time, complex interactions between S*BGP and the insecure, legacy BGP can introduce new vulnerabilities and instabilities into the Internet's routing infrastructure. We suggest possible strategies for mitigating such pitfalls and facilitating S*BGP deployment in practice.
dc.format.mimetypeapplication/pdf
dc.language.isoen_US
dc.publisherGeorgia Institute of Technology
dc.subjectBGP
dc.subjectSecure routing
dc.titleEvaluating security-enhanced interdomain routing protocols in full and partial deployment
dc.typeDissertation
dc.description.degreePh.D.
dc.contributor.departmentComputer Science
thesis.degree.levelDoctoral
dc.contributor.committeeMemberClark, Russ
dc.contributor.committeeMemberGoldberg, Sharon
dc.contributor.committeeMemberSchapira, Michael
dc.date.updated2014-08-27T13:41:47Z


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record