How Secure are Secure Interdomain Routing Protocols?
BGP is an essential routing protocol used by big internet service providers to send and receive packets. These ISPs are represented as autonomous systems(AS) in the network topology. Routing packets in ASes is more complicated than regular routing procedure because ASes have local preferences and policies weighed into the routing. BGP takes care of such complicated routing and its performance has improved the internet experience of everyone. Since it is used so much in our world, security holes and flaws in the design can cause panic and disturbance in the society.
The paper examines weaknesses in different versions of BGP(BGP, soBGP, S-BGP, and data-plan verification) and analyzes the behavior of these protocols. Their four attacking methods include : annoucning an unavailable or non-existent path, announcing different paths to different neighbors, announcing an legitimate available path that is different from the normal path, and exporting a path to a neighbor to which no path should be announced to according to the normal export policies. The simulation is set up from a real-life AS topology and the result is quite surprising. The result show that the traffic in the system can be manipulated to pool into one malicious AS. A clever exporting policy severely impacts the current BGP model and it is recommended that the a more practical defense filter be created.
The findings in this paper affects our current and future interdomain routing procedure because it showed that manipulating traffic into an AS can be done with some clever tricks. However, it also argues that devising this clever trick is a NP-hard problem. What would be interesting is to see multiple attacks on the system such as one legitimate server that is cooperating with a malicious server to send it all the traffic. The experiments were done with one manipulators and the rest his victims, so it could have been an interesting approach to see multiple manipulators using the same strategy to see if that could backfire.
Overall, this is a wake-up call for BGP to improve the system before ISPs start battling out.
Consensus Routing: The Internet as a Distributed System
This is an interesting paper that suggests a different algorithm for interdomain routing protocol. Although BGP is in practice, it has so many issues that scholars point out. Consensus routing is an effort to collaborate the ASes more efficiently by spreading the topology information in detail to everyone. It is different than BGP in that it stabilizes a view of the system and works on a newer version of the view. The view keeps on changing as ASes advertise different preferences or fails due to unforeseen errors. This almost reminds me of a database logging scheme. It has a temporary view then it patches triggers/recent changes to the view to complete the view relative to the current state. Then it has a waiting period in which the algorithm uses the constructed view for a while and throws it away.
This is such a complicated algorithm at first-taste because it reminds me of a database system. Interestingly, the paper argues that the performance overhead is only about 10% of the normal BGP procedure, which we can take with a grain of salt. Consensus routing does not scale well as it requires a consolidator for every group the interdomain topology is going to have. In the future, ASes can aggregate and this group of ASes can also aggregate in a different form. Then the consensus routing is not flexible to adopt to the change and serve the workload of many ASes. Consensus routing requires a full routing information in the system in order to create the view that everyone shares. I feel that this is an overkill for a job which BGP is doing fine. Theoretically it gets rid of many inefficiencies of BGP but in real-world, BGP is working well. This has many failure points in constructing the view because failing to transmit a packet that contains the current AS information can result in delaying the utilization of the AS for an epoch time(which is approx. 30 seconds).
The simulation shows that it raises loop resistance and fault-tolerance. This is a significant improvement in the current BGP model because loops and failures create more traffic and loops that slows down the system. However, this is too complicated to practically implement and carry it out because so many communications need to happen for each iteration of creating a consensus.
No comments:
Post a Comment