"The core of the Internet is notoriously vulnerable to attacks, with Border Gateway Protocol (BGP) and DNS being particular weak points. So I set out to learn enough about what has been done to secure these components of the Internet's "core infrastructure" to be able to write something useful for our book. For this post I am going to limit myself to talking about BGP security, where it's fair to say that the results have been mixed."
"A good place to start to understand BGP security (and the lack of it) is Sharon Goldberg's article Why Is It Taking So Long to Secure Internet Routing? from 2014. The fact that the article remains timely after more than a decade is a sign of just how hard the problem is. This paper from Testart and Clark on the state of routing security in 2020 shows how little things improved in subsequent years."
The core of the Internet is notoriously vulnerable to attacks, with BGP and DNS as particular weak points. Efforts to secure BGP have produced mixed results. Three structural challenges impede progress: BGP's complexity, the inherent difficulty of designing and operating security correctly, and ossification of the Internet's core. Despite these obstacles, deployment of Route Origin Validation (ROV) backed by the Resource Public Key Infrastructure (RPKI) has become meaningful since 2014. RPKI enables routing entities, such as autonomous system operators, to make cryptographic assertions about route origins. ROV uses these assertions to validate that an AS legitimately originates a prefix.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]