Routing security: work with what you’ve got!

It seemed like there would be little appetite for discussing next steps in routing infrastructure authentication and verification after the DDoS attack on Dyn (October 2016), when it became clear that large-scale attacks are feasible without spoofing IP addresses, hijacking prefixes, or otherwise falsifying Internet infrastructure numbers and routing. It was already a tough sell to get operators to consider incremental (let alone architectural) updates for origin authentication and some manner of routing announcement verification; the Dyn attack then presented a clear and present danger that such updates would not address, so why bother with them?

The reality is there is no silver bullet. Approaches focused on origin validation and (some degree of) route credibility improvement will improve the overall level of reliability of the Internet, even if the specific threats these improvements address aren’t the immediately visible problems.

One of the Applied Networking Research Prize (ANRP) winners who presented at the IETF 98 meeting in Chicago, Yossi Gilad, spoke on “Jumpstarting BGP Security”, which provides an analysis of the benefits of “path-end” validation. This ANRP-winning work runs the numbers to show the improvement in security (against hijacking) from path-end validation: where a BGP hijack will succeed 50% of the time if there is no BGP security, or 27% of the time if only origin authentication is done, adding path-end validation to origin authentication drops the success rate to slightly less than 15% (as compared to 10% for partial deployment of RPKI + BGPsec).
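To make the two checks concrete, here is an added example (not code from the post or from the paper) that runs origin validation followed by a path-end check over constructed announcements; the ROA records, the published neighbor sets and all AS numbers are made up for illustration.

```python
"""Added example: origin validation combined with path-end validation (constructed data)."""
from ipaddress import ip_network

# Constructed ROA-style records: (prefix, authorized origin AS, max prefix length).
ROAS = [
    (ip_network("203.0.113.0/24"), 64501, 24),
]

# Constructed path-end records: each origin AS publishes the set of ASes it really
# connects to, so a validator can check the hop adjacent to the origin in the AS path.
PATH_END = {
    64501: {64510, 64520},
}


def origin_state(prefix, origin_as):
    """RFC 6811-style origin result: 'valid', 'invalid' or 'not-found'."""
    net = ip_network(prefix)
    covering = [r for r in ROAS if net.subnet_of(r[0])]
    if not covering:
        return "not-found"  # no covering ROA: nothing to say either way
    for _, asn, maxlen in covering:
        if asn == origin_as and net.prefixlen <= maxlen:
            return "valid"
    return "invalid"  # covered, but wrong origin or too-specific prefix


def path_end_state(as_path, local_as):
    """Check that the AS adjacent to the origin is one the origin published as a neighbor."""
    origin = as_path[-1]
    # A one-element path means the validating AS itself is adjacent to the origin.
    adjacent = as_path[-2] if len(as_path) > 1 else local_as
    neighbors = PATH_END.get(origin)
    if neighbors is None:
        return "not-found"
    return "valid" if adjacent in neighbors else "invalid"


def validate(prefix, as_path, local_as):
    """Combine both checks; an 'invalid' from either check wins over 'not-found'."""
    ov = origin_state(prefix, as_path[-1])
    if ov == "invalid":
        return "invalid-origin"
    pe = path_end_state(as_path, local_as)
    if pe == "invalid":
        return "invalid-path-end"
    return "valid" if ov == pe == "valid" else "unknown"


if __name__ == "__main__":
    # Legitimate route, plain origin hijack, and a hijack that keeps the real origin as last hop.
    for path in ([64510, 64501], [64666], [64666, 64501]):
        print(path, validate("203.0.113.0/24", path, 64999))
```

The third case is the one origin validation alone lets through: the attacker keeps the true origin at the end of the path, and only the published neighbor set reveals the forged adjacency.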

And since it turns out that operators are reporting problems with hijacked routes, there is still interest in finding feasibly deployable solutions to improve the routing security infrastructure, even if those attacks are not making headline news.

It’s (still) not time to do the heavy “business case pitch” for improving routing security through origin authentication and some manner of path validation, but it seems it is the moment to gather the operators that have come to the conclusion of their own volition, and get them to agree on one interoperable path forward.
