Routing Security — why trust information?

Trust is in the eye of the beholder – but it has to be based on something. In different contexts, crypto may be more relevant than heuristics, and vice versa. Traditionally, in internetworking, business relationships have had a big role in determining whether or not to trust information being offered by another party, whether for routing information or for other network operations.

First hand knowledge/business relationship

  • Internal business processes for own network
  • Established, confidential and trusted information from neighbor networks
  • Reliance on a 3rd party (e.g., IRR)

Crypto

Cryptography-based authentication of information is objective and automatable. Assuming the surrounding processes are sound, it allows information that has been tampered with to be detected.

  • Management of cryptographic information may not align with business models
  • Potentially subject to takedown/capture
  • Reliant on yet another external chain of trust
  • Computing – offline (batch) or real time
  • Hardware upgrades
  • Heavy duty computing requirements, especially for real time work
    • Deploying and updating keying material across a network of routers is logistically challenging

Heuristic

Some combination of knowledge and assumptions may be brought to bear in evaluating information.

  • Business logic
  • Generally preferred by operators
  • BGPStream uses heuristics

Thoughts?  Share a comment!