Security of Routing Protocols

Alcatel, a leader in fixed and mobile broadband networks, applications and services, was interested in increasing the security of routers which are at the core of the Internet. It is generally acknowledged by experts that abusing routing protocols presents an easy way for launching attacks on the Internet infrastructure, and that a single misbehaving router can completely disrupt routing protocols and cause disaster. The intern and research team proposed a new security extension for BGP (Border Gateway Protocol) named Pretty Secure BGP (psBGP). (BGP, an Internet standard, is the only inter-domain routing protocol running on the Internet.) In contrast to the centralized hierarchical trust model used by most existing BGP security proposals, psBGP makes use of a distributed trust model for verifying IP address “ownership'', by corroborating information from multiple, ideally independent sources. The design of psBGP was based on the way in which human beings acquire trust in the truth of information when a natural authority for the truth of the information is not available. psBGP does not assume that there is a trusted authority on the Internet which fully understands which IP address blocks are assigned to which organizations. Through this collaborative research, both the intern and Alcatel researchers greatly improved their understanding of BGP security, which in turn is expected to help improve Alcatel's research capability in network security.

Tao Wan
Faculty Supervisor: 
Dr. Paul van Oorschot