By: Mat Ford
During the Internet Research Task Force open meeting in Toronto, the third Applied Networking Research Prize for 2014 was presented to Robert Lychev and his coauthors for studying the security benefits provided by partially-deployed S*BGP.
Many widely used communication protocols on the Internet were not originally designed with security in mind—they were intended for parties that trust each other. As the Internet has evolved, new protocols intended to address specific security vulnerabilities have been developed. Deployment of these protocols can take a long time, therefore questions about the interactions of new secure protocol solutions with legacy insecure protocols are important.
For routing of Internet traffic, Border Gateway Protocol (BGP) is a key technology and much work has been done to address the real security vulnerabilities of BGP via developments like the Resource Public Key Infrastructure (RPKI) and BGP Security Extensions (BGPSEC). Lychev and his collaborators were interested in understanding the security properties of BGPSEC in partial deployment. In particular, what does partially deployed BGPSEC offer over RPKI or, “Is the juice (additional security benefits) worth the squeeze (extra efforts of deployment)?”
In their paper, “BGP Security in Partial Deployment” (Proc. ACM SIGCOMM, Hong Kong, China, August 2013), Lychev and his coauthors, Sharon Goldberg and Michael Schapira, report that (1) partially deployed security measures sometimes introduce new vulnerabilities, and (2) partial deployment provides only meagre benefits over RPKI if operators do not prioritise security over all other considerations in their routing policies.
Speaking about the award and his trip to the IETF meeting in Toronto, Lychev said, “I think that I have learned quite a bit from this meeting. I met a lot of people, and I hope to start new collaborations with some of them in the near future.”
Robert’s slides are available at http://www.ietf.org/proceedings/90/slides/slides-90-irtfopen-1.pdf. Audio from the presentation is available at http://recordings.conf.meetecho.com/Playout/watch.jsp?recording=IETF90_IRTFOPEN&chapter=chapter_0 (starting at 00:09:00).
The nomination period for prizes to be awarded in 2015 closed on 31 October 2014.