Re: Security in routing

From: Shane Amante (shane@amante.org)
Date: Sun Dec 17 2000 - 06:10:23 EST


Avri -

Today, there is _no_ authentication of routing substrate information.
Evidence of such is available in the NANOG mailing list archives, but
a few notable examples that had varying levels of gloabl impact are:
AS7007 attempting to announce transit for the whole Internet; a large
provider deaggregating /16's into /24's; a large router vendor's web
site disappearing due to a shorter path announcement from a
misconfigured service provider's router; plus, numerous other less
noticeable, but still service impacting cases of hijacking.

The facts are, today, it is infeasible to implement granular filtering
at service provider boundaries, so instead it is up to service
providers to deploy it at their customer edges. This protects the
provider from it's customers, but doesn't protect providers from each
other, (e.g.: a provider could still easily leak/originate bogus
routes from within their own AS to other providers).

Attempts (IRR) and proposals (S-BGP) have been offered as remedies,
but both have their trade-offs.

Unfortunately, there are no easy answers to this problem. On the one
hand is a social engineering issue and on the other a matter of
economics, (with respect to technical feasibility). The former
requires willful cooperation of everyone tied to the global Internet
to originate non-repudiable authentication information tied directly
to their prefix/path announcement, prior to or, at the same time the
routing announcement is made. The latter boils down to whether it is
technically possible (with today's technology) to perform real-time
authentication of 10s to 100s of thousands of prefixes at any given
moment. Although such technology is highly unlikely to appear anytime
in the forseeable future, even if it were could devices be built
that were economically affordable such that it would appeal to an
overwhelming segment of market?

And, finally, the biggest can of worms: trust hierarchy.
Unfortunately, such a thing is the largest paradox of the Internet.
However, some type of believable trust hierarchy would have to be
established in order to automatically resolve authentication disputes
over rightful ownership.

While I try to remain an optimist, unfortunately these issues could
remain unsolved or result in intractable solutions (like those already
offered). In that case, it could ultimately deteriorate into a matter
of overburdening policy/regulation so as to maintain strict control
over what gets announced by whom. IMO, this is the least attractive
of all options. However, finding a middle ground will not be easy.

-shane

On Sat, Dec 16, 2000 at 08:31:13PM -0800, Avri Doria wrote:
> Hi,
>
> i have a question about this. Is there evidence of an
> existing problem with authentication, or is it that there is
> and expectation that there will be a problem. if the problem
> is already affecting, what forms has it taken?
>
> thanks
> a.
>
> --
>
> Avri Doria
> +1 401 663 5024
>



This archive was generated by hypermail 2b29 : Mon Aug 04 2003 - 04:10:04 EDT