1 / 7

A polytheistic approach to securing interdomain routing

A polytheistic approach to securing interdomain routing. Ratul Mahajan Microsoft Research. Much work on interdomain routing security but little deployment. Myriads of security protocols S-BGP soBGP SPV Listen and Whisper IRV psBGP Pretty Good BGP …. How can we explain that?.

art
Télécharger la présentation

A polytheistic approach to securing interdomain routing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A polytheistic approach to securing interdomain routing Ratul Mahajan Microsoft Research

  2. Much work on interdomain routing security but little deployment • Myriads of security protocols • S-BGP • soBGP • SPV • Listen and Whisper • IRV • psBGP • Pretty Good BGP • …

  3. How can we explain that? • Is the problem not important? • Are all those approaches broken? • Maybe, its futile to look for “the one” perfect solution • One size does not fit all • Coordination • Incentives

  4. A polytheistic approach • Instead of designing one solution for everyone, design a broad range • ISPs pick zero or more, as per their needs

  5. How is this chaos secure? • Lessons from the road network • Different cars, drivers, skill-levels • But the network is reasonably secure • Two key underlying factors • visibility and financial disincentives • Hypothesis: routing can be secured by engineering these factors

  6. Simple changes are enough • Engineering visibility • Pinpoint who is sourcing and propagating bad routing updates • Engineering financial disincentives • Build on bilateral contracts • Penalties for sending bad updates to neighbors • No need for regulation

  7. The end result • Appropriate aligning of incentives • Each ISP does what it takes to run a secure network • Security properties similar to the road network • accident prevention is not guaranteed

More Related