Is the juice worth the Squeeze? Evaluating S*BGP Security Benefits in Full and Partial Deployment
Wednesday, November 6, 2013, 2:00-3:00 pm 
Abstract
The Border Gateway Protocol (BGP) is currently the de facto standard for establishing routes between Autonomous Systems (ASes) on the Internet. However, despite its crucial role, because BGP was designed to enable routing between parties that trust each other, it is vulnerable to propagation of bogus routing information due to malicious attacks or unintentional misconfigurations. Currently, the United States Department of Homeland Security views BGP security as part of the national strategy for securing the Internet, and there is a big push to standardize a secure variant of BGP (S*BGP), e.g. S-BGP, SoBGP, BGPSEC, by the Internet Engineering Task Force (IETF). However, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in partial deployment alongside legacy BGP for a very long time, and little is understood about the full extent of the properties of S*BGP protocols and their impact on the Internet's routing infrastructure, especially in partial deployment.
The Border Gateway Protocol (BGP) is currently the de facto standard for establishing routes between Autonomous Systems (ASes) on the Internet. However, despite its crucial role, because BGP was designed to enable routing between parties that trust each other, it is vulnerable to propagation of bogus routing information due to malicious attacks or unintentional misconfigurations. Currently, the United States Department of Homeland Security views BGP security as part of the national strategy for securing the Internet, and there is a big push to standardize a secure variant of BGP (S*BGP), e.g. S-BGP, SoBGP, BGPSEC, by the Internet Engineering Task Force (IETF). However, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in partial deployment alongside legacy BGP for a very long time, and little is understood about the full extent of the properties of S*BGP protocols and their impact on the Internet's routing infrastructure, especially in partial deployment.
In this talk I will present recent results that shed some light on this issue. We use theoretical and experimental analyses to study the security benefits provided by fully and partially-deployed S*BGP and show how the complex interactions between S*BGP and insecure, legacy BGP can introduce new vulnerabilities and instabilities into the interdomain routing system.
This is joint work with Sharon Goldberg and Michael Schapira.
Bio
Robert Lychev is currently a PhD student at Georgia Institute of Technology at the College of Computing, working with Alexandra Boldyreva and Nick Feamster. He is primarily interested in applying cryptographic and game theoretic concepts to problems of security and incentives in routing and accountability. In the recent past he was working with Yevgeniy Vorobechik at Sandia National Laboratories Livermore, California as a summer intern. Before that, for two years he was a visiting researcher at Boston University Security Group working with Sharon Goldberg. Before joining Georgia Tech he obtained bachelors and masters degrees at University of Massachusetts Amherst, where he was advised by Kevin Fu.
This talk is organized by Ramakrishna Padmanabhan