1 / 6

Working Group 6: Secure BGP Deployment

Working Group 6: Secure BGP Deployment. December 16, 2011 Andy Ogielski, Renesys Jennifer Rexford, Princeton U. WG 6 Co-Chairs. Communications Security, Reliability and Interoperability Council. CSR C. Working Group 6: Secure BGP Deployment.

zuwena
Télécharger la présentation

Working Group 6: Secure BGP Deployment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Working Group 6: Secure BGP Deployment December 16, 2011 Andy Ogielski, Renesys Jennifer Rexford, Princeton U. WG 6 Co-Chairs Communications Security, Reliability and Interoperability Council CSR C

  2. Working Group 6: Secure BGP Deployment • Short Description:  The Border Gateway Protocol (BGP) controls inter-domain packet traffic routing on the entire global Internet. BGP relies on trust among operators of gateway routers to ensure the integrity of the Internet routing infrastructure. Over the years, this trust has been compromised on a number of occasions, revealing fundamental weaknesses of this critical infrastructure. This Working Group willrecommend the framework for industry regarding incremental adoption of secure routingprocedures and protocols based on existing work in industry and research. The framework will include specific technical procedures and protocols. The framework will be proposed in a way suitable for opt-inby large Internet Service Providers (ISPs) in order to create incentives for a wider scale, incremental ISP deployment of secure BGP protocols and practices in a market-driven, cost-effective manner. • Duration: August 2011 – March 2013 Communications Security, Reliability and Interoperability Council CSR C

  3. Working Group 6 – Participants Communications Security, Reliability and Interoperability Council CSR C

  4. Working Group 6 - Work Completed • Documenting known threats • Real BGP security incidents, and known vulnerabilities • Identifying suite of BGP security solutions • Current best common practices (i.e., local filters) • Anomaly detection to flag and avoid suspicious routes • Global database of certified origins, with conventional configuration • Cache-to-router origin certification protocol to push filters • Cryptographic validation of the entire route (e.g., S-BGP) • Identifying dimensions for comparing solutions • Technical maturity, and cost to deploy and operate • Security benefits, and new attack surfaces • Feasibility of incremental deployment • Impact on autonomy of networks and nations

  5. Working Group 6 – Ongoing Work Activity • Comparing the BGP security solutions • Analyzing each solution across all dimensions • Comparing with the other proposed solutions • Identifying ways to encourage incremental deployment • Identifying important usage scenarios • Number of BGP-speaking routers • Structure within and between networks • Frequency of BGP routing changes • Designing experimental methodology • Measurement infrastructure (e.g., RouteViews, Renesys) • Quantifying extent/scope of security incidents • Quantifying effectiveness of partial deployments • Safe active experiments with participating networks

  6. Working Group 6 - Project Timeline • WG regular meetings • 1st and 3rd Tuesdays of each month • Soon, smaller groups on major sub-topics • WG Final Recommendations: March 2013 • Intermediate Milestones (Preliminary): • Secure Routing Implementation Practices – March 8, 2012 • Secure Routing Performance Metrics – September 12, 2012 • Secure Routing Performance Metrics – December 5, 2012

More Related