Working Group 6: Secure BGP Deployment December 16, 2011 Andy Ogielski, Renesys Jennifer Rexford, Princeton U. WG 6 Co-Chairs.

Slides:



Advertisements
Similar presentations
Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.
Advertisements

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
Design Deployment and Use of the DETER Testbed Terry Benzel, Robert Braden, Dongho Kim, Clifford Informatino Sciences Institute
Availability Centric Routing (ACR) Robust Interdomain Routing Without BGP Security July 25 th, 2006.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Putting BGP on the Right Path: A Case for Next-Hop Routing Michael Schapira Joint work with Yaping Zhu and Jennifer Rexford (Princeton University)
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.
Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.
Working Group 11: Consensus Cyber Security Controls March 14, 2013 Alan Paller, SANS Institute Marcus Sachs, Verizon Communications WG 11 Co-Chairs.
Putting BGP on the Right Path: A Case for Next-Hop Routing Michael Schapira (Yale University and UC Berkeley) Joint work with Yaping Zhu and Jennifer Rexford.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I) Jennifer Rexford, Princeton University Joan Feigenbaum, Yale University January.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
A Routing Control Platform for Managing IP Networks Jennifer Rexford Computer Science Department Princeton University
Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I) Jennifer Rexford, Princeton University Joan Feigenbaum, Yale University July.
Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I) Jennifer Rexford, Princeton University Joan Feigenbaum, Yale University August,
Design for Network Managability Mung Chiang and Jennifer Rexford Princeton University March 2007.
Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.
A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University
A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University
A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Working Group #4: Network Security – Best Practices March 6, 2013 Presenters: Rod Rasmussen, Internet Identity Tony Tauber, Comcast WG #4.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.
9/15/2015CS622 - MIRO Presentation1 Wen Xu and Jennifer Rexford Department of Computer Science Princeton University Chuck Short CS622 Dr. C. Edward Chow.
How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.
Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.
Working Group 6: Secure BGP Deployment 14 March 2013 Andy T Ogielski, Renesys Jennifer Rexford, Princeton WG 6 Co-Chairs.
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.
Finding Vulnerable Network Gadgets in the Internet Topology Author: Nir Amar Supervisor: Dr. Gabi Nakibly Author: Nir Amar Supervisor: Dr. Gabi Nakibly.
Working Group #4: Network Security Best Practices March 22, 2012 Presenter: Tony Tauber, Comcast WG #4 Member Via teleconference: Rod Rasmussen, Internet.
BGP Man in the Middle Attack Jason Froehlich December 10, 2008.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.
Working Group 7: Botnet Remediation Status Update September 12, 2012 Michael O’Reirdan (MAAWG) - Chair Peter Fonash (DHS) – Vice-Chair.
Working Group #4: Network Security Best Practices September 12, 2012 Presenter: Rod Rasmussen, Internet Identity WG #4 Co-Chair.
Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.
Detecting Attacks on Internet Infrastructure and Monitoring of Service Restoration in Real Time Andy Ogielski FCC Workshop on Cyber Security 30 September.
BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies.
1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.
Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.
Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.
1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.
Working Group 6: Secure BGP Deployment March 22, 2012 Andy Ogielski, Renesys Jennifer Rexford, Princeton U. WG 6 Co-Chairs.
1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.
Bringing External Connectivity and Experimenters to GENI Nick Feamster Georgia Tech.
Working Group 6: Secure BGP Deployment September 23, 2011 Andy Ogielski, Renesys Jennifer Rexford, Princeton U. WG 6 Co-Chairs.
Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I) Elliott Karpilovsky, Princeton University on behalf of Jennifer Rexford, Princeton.
AIOTI ALLIANCE FOR INTERNET OF THINGS INNOVATION Chair: Kit Lam (Samsung) & Co-Chair: Thomas Kallstenius (iMinds) Brussels, WG7 Wearables.
One Hop for RPKI, One Giant Leap for BGP Security Yossi Gilad (Hebrew University) Joint work with Avichai Cohen (Hebrew University), Amir Herzberg (Bar.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Security measures deployed by e-communication providers
Auto-Detecting Hijacked Prefixes?
Auto-Detecting Hijacked Prefixes?
Goals of soBGP Verify the origin of advertisements
Beyond Technical Solutions
COS 561: Advanced Computer Networks
Can Economic Incentives Make the ‘Net Work?
COS 561: Advanced Computer Networks
How to Detect Attacks and Supervise Rail Systems?
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)
Fixing the Internet: Think Locally, Impact Globally
Presentation transcript:

Working Group 6: Secure BGP Deployment December 16, 2011 Andy Ogielski, Renesys Jennifer Rexford, Princeton U. WG 6 Co-Chairs

2 Working Group 6: Secure BGP Deployment  Short Description: The Border Gateway Protocol (BGP) controls inter-domain packet traffic routing on the entire global Internet. BGP relies on trust among operators of gateway routers to ensure the integrity of the Internet routing infrastructure. Over the years, this trust has been compromised on a number of occasions, revealing fundamental weaknesses of this critical infrastructure. This Working Group will recommend the framework for industry regarding incremental adoption of secure routing procedures and protocols based on existing work in industry and research. The framework will include specific technical procedures and protocols. The framework will be proposed in a way suitable for opt-in by large Internet Service Providers (ISPs) in order to create incentives for a wider scale, incremental ISP deployment of secure BGP protocols and practices in a market-driven, cost-effective manner.  Duration: August 2011 – March 2013

Working Group 6 – Participants Participant list updated 2011/09/30 Jennifer Rexford, Princeton, Co-Chair Andy Ogielski, Renesys, Co-Chair Shane Amante, Level 3Eric Lent, Comcast Daniel Awduche, VerizonDanny McPherson, Verisign Ron Bonica, JuniperDoug Maughan, DHS S&T Jay Borkenhagen, AT&TDoug Montgomery, NIST Martin Dolly, ATIS/AT&TChristopher Morrow, Google Andy Ellis, AkamaiSandra Murphy, SPARTA Sharon Goldberg, Boston U.Mary Retka, Century Link Adam Golodner, CiscoIsil Sebuktekin, Telcordia Kyle Hambright, Las Vegas Metro PoliceGreg Sharp, Internet Identity Lars Harvey, Internet IdentityTony Tauber, Comcast Michael Kelsen, Time Warner CableDavid Ward, Juniper Ed Kern, CiscoWilliam Wells, TeleCommunication Systems

Working Group 6 - Work Completed  Documenting known threats  Real BGP security incidents, and known vulnerabilities  Identifying suite of BGP security solutions  Current best common practices (i.e., local filters)  Anomaly detection to flag and avoid suspicious routes  Global database of certified origins, with conventional configuration  Cache-to-router origin certification protocol to push filters  Cryptographic validation of the entire route (e.g., S-BGP)  Identifying dimensions for comparing solutions  Technical maturity, and cost to deploy and operate  Security benefits, and new attack surfaces  Feasibility of incremental deployment  Impact on autonomy of networks and nations 4

Working Group 6 – Ongoing Work Activity  Comparing the BGP security solutions  Analyzing each solution across all dimensions  Comparing with the other proposed solutions  Identifying ways to encourage incremental deployment  Identifying important usage scenarios  Number of BGP-speaking routers  Structure within and between networks  Frequency of BGP routing changes  Designing experimental methodology  Measurement infrastructure (e.g., RouteViews, Renesys)  Quantifying extent/scope of security incidents  Quantifying effectiveness of partial deployments  Safe active experiments with participating networks 5

Working Group 6 - Project Timeline  WG regular meetings  1 st and 3 rd Tuesdays of each month  Soon, smaller groups on major sub-topics  WG Final Recommendations: March 2013  Intermediate Milestones (Preliminary):  Secure Routing Implementation Practices – March 8, 2012  Secure Routing Performance Metrics – September 12, 2012  Secure Routing Performance Metrics – December 5,

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.