BGP

Since a core problem with BGP resiliency is the concept of trust, trust and risk must be at the core of the solution. Understanding routing updates as a function of trust and risk makes it possible to treat such updates as partially trusted. Cryptographic solutions attempt to provide perfectly trustworthy sources and paths. Yet Certificate Authority subversion in the TLS realm has shown that today's certificates are not themselves trustworthy; nor does that cryptographic approach address misconfiguration or malicious configuration. We propose analysis of BGP from a different perspective, one that recognizes routing as a geographical, economic, political and technical challenge. The result is recognizing routes and updates as partially trusted.

Route updates will be evaluated using both networking and external information. For example, the overall rate of change in the RIB can indicate an error, since route leaks rarely affect only one route. The rate of change in a single route is another indicator: previously consistent routes should not suddenly fluctuate. We will also examine data external to the network. By providing rough geographical estimates (when possible), adjacency, network scale, and market size, some hijacking and errors will be detected. For example, a small ISP which has never been a transit route, operating from an identifiable jurisdiction with a history of limited competence, that suddenly announces itself as a transit point would be suspect. We combine common metrics, like path length, with market and geographical classifications as a basis for decision-making. The goal is to classify route updates along a continuum of trust, allowing organizations to make their own decisions. Possible decisions include delaying adoption of an update, refusing to distribute an update, ceasing or delaying sending information to that route, or simply alerting an operator that some human evaluation or interaction is needed.

The goal is to classify route updates along a continuum of trust, exploring new algorithms that give a measure of integrity assurance to the BGP updates that are received. We will explore applying machine learning techniques to the variety of data available when network topology is to be changed via BGP, in order to generate trust indicators for those changes. A core goal is allowing individual organizations to make their own decisions about how to respond. This would be implemented by developing machine learning algorithms to automate and support decision-making. These could be customized by larger ISPs, yet easily adopted by smaller ISPs. The system would be designed for network operators, thus allowing human intervention. Possible decisions include delaying adoption of an update, refusing to distribute an update, ceasing or delaying sending information to that route, or simply alerting an operator that some human evaluation or interaction is needed. For example, in the 2010 Chinese misdirection of 15% of traffic, not all traffic was diverted, as Level 3 and AT&T differed in their response.
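The following is an added illustration, not code from the proposal: a toy scorer that turns the indicators described above (RIB-wide churn, per-prefix fluctuation, an AS that has never carried transit appearing mid-path, path length) into a trust score on a 0..1 continuum and maps it to the operator actions listed. The weights, thresholds and the "small ISP" classification are assumptions; ASNs and prefixes are constructed documentation values.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Update:
    prefix: str
    as_path: list[int]  # as received; the last AS is the origin


@dataclass
class History:
    transit_ases: set[int]                              # ASes previously seen carrying others' routes
    small_ases: set[int] = field(default_factory=set)   # assumed "small ISP" label from external data
    flaps: Counter = field(default_factory=Counter)     # prior changes per prefix in the window


def score_update(u: Update, hist: History, batch_size: int, rib_size: int) -> tuple[float, list[str]]:
    """Trust on a 0..1 continuum plus the indicators that lowered it (weights are assumed)."""
    points, reasons = 10, []
    # Indicator 1: a large share of the RIB changing at once; leaks rarely affect one route.
    if rib_size and batch_size / rib_size > 0.05:
        points -= 4
        reasons.append("mass RIB change")
    # Indicator 2: a previously consistent prefix that has started to fluctuate.
    if hist.flaps[u.prefix] >= 3:
        points -= 3
        reasons.append("flapping prefix")
    # Indicator 3: an AS never seen as transit now forwards the route; a small ISP weighs more.
    for asn in u.as_path[:-1]:
        if asn not in hist.transit_ases:
            points -= 3 if asn in hist.small_ases else 2
            reasons.append(f"new transit AS{asn}")
            break
    # Indicator 4: the conventional metric, path length.
    if len(u.as_path) > 6:
        points -= 1
        reasons.append("long path")
    return max(points, 0) / 10, reasons


def decide(trust: float) -> str:
    """Map the score to the responses the proposal lists; thresholds are assumed."""
    if trust >= 0.8:
        return "accept"
    if trust >= 0.4:
        return "delay"   # hold back adoption and redistribution of the update
    return "alert"       # hand the update to a human operator
```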

There are multiple unique components to this approach: the integration of external data, the use of long-term historical data, the focus on incentive alignment, and the use of machine learning to identify and classify different types of attacks.