Presentation is loading. Please wait.

Presentation is loading. Please wait.

Beyond Technical Solutions

Published byAngela Quinn Modified over 6 years ago

Similar presentations

Presentation on theme: "Beyond Technical Solutions"— Presentation transcript:

1 Beyond Technical Solutions
Understanding the role of governance structures in Internet routing security Dr. Milton Mueller Dr. Brenden Kuerbis

2 This research is supported by the U. S
This research is supported by the U.S. National Science Foundation, Award Number SES Begin date: August 15, 2014; end date July 30, 2016

3 Research Problem The Internet’s routing protocol, Border Gateway Protocol (BGP) is known to be susceptible to errors and attacks. Most research on Internet routing security concentrates on technical solutions (new standards and protocols). But what if the obstacles to improved routing security are not just technical?  RQ: Are distinct governance structures among networks correlated with variation in the number and severity of routing anomalies? Most research on Internet routing security concentrates on technical solutions (new standards and protocols). But what if the obstacles to improved routing security are not just technical? What if the susceptibility of networks to malicious route hijacks and path manipulations have as much to do with the way organizations implement routing policies and technologies as with the technical standards and protocols per se? What if a new technology designed to “solve” routing security problems creates new, unanticipated implementation and cooperation issues that could undermine many of the theoretical security gains of the better design? Despite the role of socio-economic factors in security, studies of routing security are not adequately supported by social science studies of the actual behavior of network operators. This project is based on the premise that organizational and institutional factors – known as governance structures in institutional economics – are as important to Internet routing security as technological design. Internet routing involves decentralized decision making among tens of thousands of autonomous network operators. In this environment, an individual operator’s decisions regarding implementation, organization and monitoring of routing policies powerfully affect the adoption and performance of security technologies.

4 Governance structures
Definition The institutional framework in which contracts are initiated, negotiated, monitored, adapted, enforced and terminated Markets, hierarchies, networks Relevance to routing security Networked governance

5 Levels of analysis of governance structures
Macro Meso Micro The Internet is comprised of hundreds of thousands of distinct organizations with varying incentives and operational goals. Routing is a decentralized, cooperative process in which network operators exchange information and use contracts or other kinds of voluntary agreements based on common technical standards to exchange traffic. In Internet routing, institutional and regulatory authority is also decentralized; while there is global connectivity, there are approximately 200 separate national legal jurisdictions and no common, hierarchical global regulatory authority over all the organizations that comprise the Internet and their routing practices. Routing security, therefore, must be achieved through a bottom up process of self-governance. As a result, deploying secure Internet routing is much more challenging than just installing a piece of hardware or performing a software upgrade. It requires understanding the socio-economic factors that influence operators’ cooperative practices and technology implementation decisions. This study will use an innovative combination of institutional economics and network analysis to isolate and understand the governance structures underlying Internet routing, and attempt to determine which governance structures lead to more or less routing security incidents.

6 Dependent variable Anomaly monitoring systems
Numerous systems Identifying differences between observed & expected route announcements What are routing announcements? Prefix and AS Number (ASN) What is an anomaly? Prefix hijacks and path manipulation Limitations of anomaly monitoring systems Incompleteness of the observed AS-level structure of the internet Over- and under-estimation Identification of perpetrators and new types

7 Initial quantitative findings
Observed routing & anomaly data for June 2011 – October 2014 Notable variation in the number of anomalies among ASs Number of routing anomalies is correlated with number of out- degrees 0.269** correlation

8 Independent variable: governance structures
Internet Address Registries Macro-level Became regionalized from Internet Routing Registries (IRRs) Key meso-level governance structure Few academic studies of them as institutions Important variations across IRRs New Technologies grounded in Regional Address Registries (RIRs) RPKI BGPSEC

9 Internet Routing Registries (IRRs)
Databases that allow AS’s to register their own routing policies and validate routing policies of other AS’s. Extensive mirroring of data across different IRRs based on standard formatting Who operates them? Specialized third parties Tier 1 Internet service providers RIRs and NIRs Hosting/colocation companies, Internet Peering Exchanges How are they sustained economically? Free/open Fee-based Service-based

10 Economic and governance analysis of IRRs
Do IRRs have public good characteristics? Nonrival consumption, nonexclusive benefits Voluntary data input by many autonomous actors Open access to data; some data mirrored across registries What governance structures are used to ensure data accuracy and currency? Contracts Data and access controls Linkages to macro-level institutions (RIRs) How to detect IRR use?

11 IRRs vs. other solutions
Data quality inetnum (IRR) vs. Route Origin Authorization (RPKI) Routing security Route object registration (IRR) vs. Route Origin Authorization (RPKI) Filtering out anomalous route announcements (IRRs) vs authenticating all announcements (BGPSEC) Individual AS benefit (IRR) vs. overall network benefit (BGPSEC) Major implications for governance mode Networked governance vs. hierarchical governance

12 Final thoughts Policy implications
Are there ‘best practices’ for IRRs and operators? Should RIRs facilitate or mandate new tech adoption? Should national regulators require use of specific technologies? Need for closer engagement of computer science, policy studies, political economy, institutions

Download ppt "Beyond Technical Solutions"

Similar presentations

Autonomy and Accountability – New Models of Institutional Autonomy

Autonomy and Accountability – New Models of Institutional Autonomy
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Climate risk and adaptation: importance of local coping strategies Anand Patwardhan Indian Institute of Technology-Bombay.

Climate risk and adaptation: importance of local coping strategies Anand Patwardhan Indian Institute of Technology-Bombay.
Caribbean Future Forum University of the West Indies 5 th -7 th May, 2015 IMPLEMENTATION DEFICIT: WHY MEMBER STATES DO NOT COMPLY WITH CARICOM DIRECTIVES.

Caribbean Future Forum University of the West Indies 5 th -7 th May, 2015 IMPLEMENTATION DEFICIT: WHY MEMBER STATES DO NOT COMPLY WITH CARICOM DIRECTIVES.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Copyright 2004 Prentice Hall

Copyright 2004 Prentice Hall
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.

Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Challenges and the benefits of interoperability for the railway industry and the rail transport Eric Fontanel UNIFE General Manager.

Challenges and the benefits of interoperability for the railway industry and the rail transport Eric Fontanel UNIFE General Manager.
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Chapter 1 – THE CHALLENGE OF MANAGEMENT

Chapter 1 – THE CHALLENGE OF MANAGEMENT
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.
©2007 Prentice Hall Organizational Behavior: An Introduction to Your Life in Organizations Chapter 1 Why Mastering Organizational Behavior is Essential.

©2007 Prentice Hall Organizational Behavior: An Introduction to Your Life in Organizations Chapter 1 Why Mastering Organizational Behavior is Essential.
Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.

Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.
Senior Regulators Meeting The future of the IRRS Programme: Enhancing the Effectiveness of the Regulatory Body Ramzi Jammal, Executive Vice-President and.

Senior Regulators Meeting The future of the IRRS Programme: Enhancing the Effectiveness of the Regulatory Body Ramzi Jammal, Executive Vice-President and.
Development and Transfer of Technologies UNFCCC Expert Workshop On Technology Information Technology Transfer Network and Matchmaking Systems: a LA & C.

Development and Transfer of Technologies UNFCCC Expert Workshop On Technology Information Technology Transfer Network and Matchmaking Systems: a LA & C.
X-Road – Estonian Interoperability Platform

X-Road – Estonian Interoperability Platform
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Lecture 4: BGP Presentations Lab information H/W update.

Lecture 4: BGP Presentations Lab information H/W update.

Similar presentations

Ads by Google