Doctoral Dissertation Oral Proposal
Title: Toward Deployable Secure Interdomain Routing
Ph.D. Candidate: Cameron Morris
Major Advisor: Dr. Amir Herzberg
Associate Advisors: Dr. Bing Wang, Dr. Minmei Wang
Committee Members: Dr. Ghada Almashaqbeh, Dr. Minmei Wang
Date/Time: Friday March 24th, 10:00 AM
Location: HBL Room 1102
Webex Link (if joining remotely): https://uconn-cmr.webex.com/uconn-cmr/j.php?MTID=m9b93e4c304952646b52d6f5771ab50d1
Meeting number: 2621 493 9571
The Border Gateway Protocol (BGP) is the de facto routing protocol of the Internet, connecting tens of thousands of autonomous systems, also called domains. BGP, however, was not designed with built-in security mechanisms. As a result, vulnerabilities in BGP have been abused for mis-routing attacks that can enable eavesdropping and manipulation of traffic (MitM), and can cause large-scale interruptions in increasingly critical services.
Although these vulnerabilities have been addressed only slowly, substantial progress has been made toward solutions, including the RPKI and ROV, designed to secure Interdomain Routing at least in part. This dissertation explores methods of achieving security in Interdomain Routing that work with existing standards and proposals rather than seeking to re-invent them or re-architect the Internet. It proposes extensions to the current standard, BGPsec, that provide better defense under partial adoption. Extensive evaluation of these extensions, using simulation and analytical verification of security properties, demonstrates significantly improved security and computational overhead compared to existing defenses. Lastly, the dissertation explores two other areas for improvement, Source Address Validation (SAV) and Reverse Path Filtering (RPF). Existing SAV and RPF rule sets that help prevent reflection DDoS attacks and IP address spoofing can be enhanced with the information contained in the RPKI. The effectiveness of all of the above extensions and enhancements will be evaluated along with the economic incentives to adopt them, outlining a path towards deployable Secure Interdomain Routing.