Securing Internet Routing Protocols
Internet routers build routing tables for delivery of traffic to requested destinations, largely through (currently unauthenticated) control messages received from other routers. There is now consensus that routing control messages are vulnerable to easy manipulation or disruption by attackers, and that such malicious activity could severely disrupt the core Internet infrastructure.
We will begin with a deeper exploration of the vulnerabilities of the Border Gateway Protocol (BGP), the Internet's standard inter-domain routing protocol. Extending preliminary work [1], we will develop a better understanding of the relative advantages and disadvantages of the main existing proposals for securing BGP: S-BGP and soBGP. Motivated by the roadblocks to practical deployment that these proposals face, we aim to propose a blended alternative protocol which both addresses existing security vulnerabilities and is acceptable to the BGP community, allowing uptake in practice (albeit most likely in the medium or long term). Among the major challenges are proper verification of IP prefix ownership assertions (i.e. which organizations have the authority to advertise which address blocks) and authentication of BGP control messages. Related issues include designing an acceptably efficient security infrastructure (a public-key infrastructure or PKI, if used, must have only acceptable overhead), devising a protocol which is incrementally deployable (can be rolled out onto the Internet piecewise), and ensuring the proposal is acceptable to BGP operators (i.e. those in the real world who deploy and operate the BGP infrastructure). Techniques and methodology include design comparison with existing alternatives, simulations, and estimates of overhead based on actual BGP traffic (including stored databases thereof).
Towards securing a different aspect of routing protocols, we would also like to adopt and apply protocol implementation test tools to find vulnerabilities in routing protocol implementations. Prior work [3] includes a syntax-based toolset and methodology for vulnerability testing of network protocol implementations. Previous research [2] adapted these tools to frame-based protocols (a frame explicitly defines the order and exact length of each data field), allowing tests of implementations of the OSPF routing protocol. We aim to pursue such methods with adapted toolsets on additional protocol implementations, beginning with BGP, a mixed protocol (i.e. a frame-based protocol that also includes fields consisting of (type, length, value) or (length, value) tuples).
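An added example, not part of the original project description: a strict parser for the BGP OPEN message, whose header and fixed body are frame-based while its optional parameters are (type, length, value) tuples, which is the mixed structure described above. The field layout follows RFC 4271; the function names and the sample message are constructed for illustration.

```python
import struct

MARKER = b"\xff" * 16    # RFC 4271: 16-byte all-ones marker
HEADER_LEN = 19          # marker(16) + length(2) + type(1)
OPEN_FIXED_LEN = 10      # version, my AS, hold time, BGP id, opt parm len

class MalformedMessage(ValueError): pass

def parse_open(data: bytes) -> dict:
    """Parse one BGP OPEN message, rejecting any length inconsistency."""
    if len(data) < HEADER_LEN + OPEN_FIXED_LEN:
        raise MalformedMessage("truncated OPEN message")
    # Frame-based part: fixed field order and exact field sizes.
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER or msg_type != 1:
        raise MalformedMessage("bad marker or not an OPEN message")
    if length != len(data) or length > 4096:
        raise MalformedMessage("header length does not match message size")
    body = data[HEADER_LEN:]
    version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", body[:OPEN_FIXED_LEN])
    opts = body[OPEN_FIXED_LEN:]
    if opt_len != len(opts):
        raise MalformedMessage("optional parameter length mismatch")
    # TLV part: each (type, length, value) must fit in the bytes that remain.
    params, i = [], 0
    while i < len(opts):
        if len(opts) - i < 2 or opts[i + 1] > len(opts) - i - 2:
            raise MalformedMessage("parameter overruns message")
        p_type, p_len = opts[i], opts[i + 1]
        params.append((p_type, opts[i + 2:i + 2 + p_len]))
        i += 2 + p_len
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": ".".join(map(str, bgp_id)), "params": params}

def build_open(my_as, hold, bgp_id, params):
    """Build a constructed sample OPEN message (helper for this example)."""
    opts = b"".join(bytes([t, len(v)]) + v for t, v in params)
    body = struct.pack("!BHH4sB", 4, my_as, hold, bytes(bgp_id), len(opts)) + opts
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body

def is_rejected(data: bytes) -> bool:
    try:
        parse_open(data)
    except MalformedMessage:
        return True
    return False

# Constructed sample: AS 64512, hold time 90, one capabilities parameter (type 2).
SAMPLE = build_open(64512, 90, (192, 0, 2, 1), [(2, b"\x01\x04\x00\x01\x00\x01")])
```

Syntax-based testing of an implementation checks that messages whose length fields disagree with the actual byte layout are refused in this way, rather than read past the end of the buffer.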
1. T. Wan, E. Kranakis, P.C. van Oorschot, Pretty Secure BGP, Network and Distributed System Security (NDSS'05, to appear), Feb. 2005, San Diego. Preliminary version: Carleton Univ., C.S. Tech. Report TR-04-07 (2 Sept. 2004).
2. O. Tal, S. Knight, T. Dean, Syntax-based Vulnerability Testing of Frame-based Network Protocols, Privacy, Security and Trust 2004, Fredericton, N.B., 13-15 Oct 2004.
3. Y. Turcotte, O. Tal, S. Knight, T. Dean, Universal Methodology and Tools for Syntax-based Vulnerability Testing of Protocol Implementations, MILCOM 2004 (to appear).