"Using Cloud Resources to Dramatically Improve Internet Routing"

Warren Kumari warren at kumari.net
Fri Oct 11 10:02:30 UTC 2019


On Mon, Oct 7, 2019 at 4:45 PM Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> On Fri, Oct 04, 2019 at 03:52:26PM -0400,
>  Phil Pishioneri <pgp+nanog at psu.edu> wrote
>  a message of 9 lines which said:
>
> > Using Cloud Resources to Dramatically Improve Internet Routing
> > UMass Amherst researchers to use cloud-based ‘logically centralized
> > control’
>
> Executive summary: it's SDN for BGP. Centralizing Internet routing,
> what could go wrong? (As the authors say, "One reason is there is no
> single entity that has a big picture of what is going on, no
> manager". I wonder who will be Internet's manager.)
>
> Otherwise, an impressive amount of WTF. My favorite: "while
> communication by servers ___on the ground___ might take hundreds of
> milliseconds, in the cloud the same operation may take only one
> millisecond from one machine to another" I thought that universities
> were full of serious people, but University of Massachusetts may be an
> exception?



I haven't found the actual work that is being referenced here, and I
*am* quite skeptical based upon the title / premise -- but, I suspect
(well, hope) that this is just another instance of complex technical
material being munged by marketing / reporters into something
unrecognizable -- note that "This article was originally published by
the UMass News Office."

Here is an abstract of one of Yang Song, Arun Venkataramani, Lixin
Gao's earlier papers:
"BGP is known to have many security vulnerabilities due to the very
nature of its underlying assumptions of trust among independently
operated networks. Most prior efforts have focused on attacks that can
be addressed using traditional cryptographic techniques to ensure
authentication or integrity, e.g., BGPSec and related works. Although
augmenting BGP with authentication and integrity mechanisms is
critical, they are, by design, far from sufficient to prevent attacks
based on manipulating the complex BGP protocol itself. In this paper,
we identify two serious attacks on two of the most fundamental goals
of BGP -- to ensure reachability and to enable ASes to pick routes
available to them according to their routing policies -- even in the
presence of BGPSec-like mechanisms. Our key contributions are to (1)
formalize a series of critical security properties, (2) experimentally
validate using commodity router implementations that BGP fails to
achieve those properties, (3) quantify the extent of these
vulnerabilities in the Internet's AS topology, and (4) propose simple
modifications to provably ensure that those properties are satisfied"

I'm assuming that if this were passed through many company /
university news / marketing orgs it would be translated into:
"The core protocol that makes all of the Internet, all e-commerce,
Internet banking and e-coin torrenting malware protection is
vulnerable to hackers stealing your identity. All existing efforts
have failed, because quantum computers can break cryptography. Our
researchers have identified simple attacks which bypass all Internet
security mechanisms and firewalls, and have demonstrated these
vulnerabilities in the wild. In order to protect Internet banking and
blockchain, and to ensure free elections, they have also developed a
simple and effective new system to keep everyone secure. Contact us at
licensing at university.org to learn how to license this critical
technology. Click <here> to enroll in University, where you too can
learn to fix the Interwebs and earn lots of money."

W
-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf


