Zoom Webinar ID: 862 815 806 Passcode: 914464
Improving the Security of Internet Routing
Internet Routing has not been designed for security, and while ad-hoc defenses exist, these are not systemic, and there are still large vulnerabilities - and numerous abuses. There is wide awareness of this, and for more than two decades, intensive efforts to upgrade Internet routing with systemic defenses. Unfortunately, there are significant challenges in deploying such effective systemic defenses.
We will review the essential aspects of Internet routing and explain its inherent vulnerabilities, and the main standardization efforts for defenses: Route Origin Validation (ROV) and BGPsec. ROV is a defense against prefix hijacking, and BGPsec is a defense against path manipulation - the two basic threats against Internet routing. Both are based on the Resource Public-Key Infrastructure (RPKI), so we will briefly explain that too.
We will also discuss some of our ongoing works toward improving security of Internet routing, mainly ROV++, an extension of ROV that significantly improves its defenses, and ezBGPsec, a protocol that achieves similar goals to BGPsec but with a fraction of its (prohibitive) computational costs, and with support for incremental adoption - two major problems of BGPsec.
The presentation will provide the necessary background on Internet routing.