Beyond Technical Solutions

Slides:

Advertisements

Similar presentations

Autonomy and Accountability – New Models of Institutional Autonomy

Advertisements

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Climate risk and adaptation: importance of local coping strategies Anand Patwardhan Indian Institute of Technology-Bombay.

Caribbean Future Forum University of the West Indies 5 th -7 th May, 2015 IMPLEMENTATION DEFICIT: WHY MEMBER STATES DO NOT COMPLY WITH CARICOM DIRECTIVES.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Copyright 2004 Prentice Hall

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

Challenges and the benefits of interoperability for the railway industry and the rail transport Eric Fontanel UNIFE General Manager.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Chapter 1 – THE CHALLENGE OF MANAGEMENT

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

©2007 Prentice Hall Organizational Behavior: An Introduction to Your Life in Organizations Chapter 1 Why Mastering Organizational Behavior is Essential.

Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.

Senior Regulators Meeting The future of the IRRS Programme: Enhancing the Effectiveness of the Regulatory Body Ramzi Jammal, Executive Vice-President and.

Development and Transfer of Technologies UNFCCC Expert Workshop On Technology Information Technology Transfer Network and Matchmaking Systems: a LA & C.

X-Road – Estonian Interoperability Platform

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

Lecture 4: BGP Presentations Lab information H/W update.

Policies for Peering and Internet Exchanges AFIX Technical Workshop Session 8.

David Wetherall Professor of Computer Science & Engineering Introduction to Computer Networks Hierarchical Routing (§5.2.6)

Environmental Management System Definitions

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

Transboundary Trust Space February 16, 2012 Ensuring trust in information exchange – proposal and approaches from Russia and CIS-states (RCC states) National.

Routing in the Inernet Outcomes: –What are routing protocols used for Intra-ASs Routing in the Internet? –The Working Principle of RIP and OSPF –What is.

Computer Science and Engineering 1 Mobile Computing and Security.

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

Norberto Andrade, Pierre-Alain Schieb, Barrie Stevens Brussels – 16/12/15 FLAGSHIP Final event Global Governance Scenarios and Alternative Policy Approaches:

Connecting for Health Common Framework: the Model Contract for Health Information Exchange Gerry Hinkley com July 18, 2006 Davis Wright.

Contemporary Tourism Governing the Contemporary Tourism Product © Chris Cooper & C M Hall 2016 Contemporary Tourism 3e, Goodfellow Publishers Ltd.

Thoughts on TEIN2 Operation and Collaboration Xing Li

 Cooperation and information exchange amongst financial supervisors and regulators are essential for effective oversight in an integrated financial system.

BGP Validation Russ White Rule11.us.

COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

One Hop for RPKI, One Giant Leap for BGP Security Yossi Gilad (Hebrew University) Joint work with Avichai Cohen (Hebrew University), Amir Herzberg (Bar.

Governance and Institutional Arrangements What they have to do with Regional Water Planning (RWP)

Are We There Yet? On RPKI Deployment and Security

The global cluster initiative survey

Auditing the Implementation of Multilateral Environmental Agreements (MEAs) (3) Narges Rezapour Tehran- May 2016.

Internet Routing Health Measurement Bar BoF

OECD - Introduction It is an organisation of those countries which describe themselves as Democratic and have Market economy. Its HQ is in Paris, France.

Internet routing registries (IRRs), data governance and security

ERERA AND ECOWAS ELECTRICITY MARKET DEVELOPMENT AND REGULATION

Are We There Yet? On RPKI Deployment and Security

Why the Multistakeholder Approach Works

Chapter 12 Implementing strategy through organization

Internet Interconnection

Some Thoughts on Integrity in Routing

Aviation Innovation for Regional Integration

De-Briefing Meeting on WCIT-12 Durban, July 8th 2013

Feedback from ACEA truck manufacturers and next steps

Department of Computer and IT Engineering University of Kurdistan

Dashboard eHealth services: actual mockup

Why don’t we have a Secure and Trusted Inter-Domain Routing System?

Chapter 12 Implementing strategy through organization

ENI CBC Joint Operational Programme Black Sea Basin

Module 5 Liaison and Managing Relationships with Stakeholders

PP – Resource Authentication Key ( RAK ) code for third party authentication Presenter : Erik Bais –

The Use and Impact of FTA

Fixing the Internet: Think Locally, Impact Globally

APNIC’s Engagement on Security

Public Policy Management in Nepal: Context and Issues

Public Policy Management in Nepal: Context and Issues

FIRST How can MANRS actions prevent incidents .

WP6 – EOSC integration J-F. Perrin (ILL) 15th Jan 2019

Workshop on GRP, Quito, Ecuador, 7-9 Nov. 2018

Amreesh Phokeer Research Manager AfPIF-10, Mauritius

Presentation transcript:

Beyond Technical Solutions Understanding the role of governance structures in Internet routing security Dr. Milton Mueller Dr. Brenden Kuerbis

This research is supported by the U. S This research is supported by the U.S. National Science Foundation, Award Number SES-1422629. Begin date: August 15, 2014; end date July 30, 2016

Research Problem The Internet’s routing protocol, Border Gateway Protocol (BGP) is known to be susceptible to errors and attacks. Most research on Internet routing security concentrates on technical solutions (new standards and protocols). But what if the obstacles to improved routing security are not just technical? RQ: Are distinct governance structures among networks correlated with variation in the number and severity of routing anomalies? Most research on Internet routing security concentrates on technical solutions (new standards and protocols). But what if the obstacles to improved routing security are not just technical? What if the susceptibility of networks to malicious route hijacks and path manipulations have as much to do with the way organizations implement routing policies and technologies as with the technical standards and protocols per se? What if a new technology designed to “solve” routing security problems creates new, unanticipated implementation and cooperation issues that could undermine many of the theoretical security gains of the better design? Despite the role of socio-economic factors in security, studies of routing security are not adequately supported by social science studies of the actual behavior of network operators. This project is based on the premise that organizational and institutional factors – known as governance structures in institutional economics – are as important to Internet routing security as technological design. Internet routing involves decentralized decision making among tens of thousands of autonomous network operators. In this environment, an individual operator’s decisions regarding implementation, organization and monitoring of routing policies powerfully affect the adoption and performance of security technologies.

Governance structures Definition The institutional framework in which contracts are initiated, negotiated, monitored, adapted, enforced and terminated Markets, hierarchies, networks Relevance to routing security Networked governance

Levels of analysis of governance structures Macro Meso Micro The Internet is comprised of hundreds of thousands of distinct organizations with varying incentives and operational goals. Routing is a decentralized, cooperative process in which network operators exchange information and use contracts or other kinds of voluntary agreements based on common technical standards to exchange traffic. In Internet routing, institutional and regulatory authority is also decentralized; while there is global connectivity, there are approximately 200 separate national legal jurisdictions and no common, hierarchical global regulatory authority over all the organizations that comprise the Internet and their routing practices. Routing security, therefore, must be achieved through a bottom up process of self-governance. As a result, deploying secure Internet routing is much more challenging than just installing a piece of hardware or performing a software upgrade. It requires understanding the socio-economic factors that influence operators’ cooperative practices and technology implementation decisions. This study will use an innovative combination of institutional economics and network analysis to isolate and understand the governance structures underlying Internet routing, and attempt to determine which governance structures lead to more or less routing security incidents.

Dependent variable Anomaly monitoring systems Numerous systems Identifying differences between observed & expected route announcements What are routing announcements? Prefix and AS Number (ASN) What is an anomaly? Prefix hijacks and path manipulation Limitations of anomaly monitoring systems Incompleteness of the observed AS-level structure of the internet Over- and under-estimation Identification of perpetrators and new types

Initial quantitative findings Observed routing & anomaly data for June 2011 – October 2014 Notable variation in the number of anomalies among ASs Number of routing anomalies is correlated with number of out- degrees 0.269** correlation

Independent variable: governance structures Internet Address Registries Macro-level Became regionalized from 1991 - 1997 Internet Routing Registries (IRRs) Key meso-level governance structure Few academic studies of them as institutions Important variations across IRRs New Technologies grounded in Regional Address Registries (RIRs) RPKI BGPSEC

Internet Routing Registries (IRRs) Databases that allow AS’s to register their own routing policies and validate routing policies of other AS’s. Extensive mirroring of data across different IRRs based on standard formatting Who operates them? Specialized third parties Tier 1 Internet service providers RIRs and NIRs Hosting/colocation companies, Internet Peering Exchanges How are they sustained economically? Free/open Fee-based Service-based

Economic and governance analysis of IRRs Do IRRs have public good characteristics? Nonrival consumption, nonexclusive benefits Voluntary data input by many autonomous actors Open access to data; some data mirrored across registries What governance structures are used to ensure data accuracy and currency? Contracts Data and access controls Linkages to macro-level institutions (RIRs) How to detect IRR use?

IRRs vs. other solutions Data quality inetnum (IRR) vs. Route Origin Authorization (RPKI) Routing security Route object registration (IRR) vs. Route Origin Authorization (RPKI) Filtering out anomalous route announcements (IRRs) vs authenticating all announcements (BGPSEC) Individual AS benefit (IRR) vs. overall network benefit (BGPSEC) Major implications for governance mode Networked governance vs. hierarchical governance

Final thoughts Policy implications Are there ‘best practices’ for IRRs and operators? Should RIRs facilitate or mandate new tech adoption? Should national regulators require use of specific technologies? Need for closer engagement of computer science, policy studies, political economy, institutions