Incrementally deployable secure Internet routing: operator survey

Adrian Perrig perrig at gmail.com
Fri Dec 17 15:02:32 UTC 2021


Dear Nanog,

Knowing how challenging it is to apply new technologies to current
networks, in a collaboration between ETH, Princeton University, and
University of Virginia, we constructed a system that provides security
benefits for current Internet users while requiring minimal changes to
networks. Our design can be built on top of the existing Internet to
prevent routing attacks that can compromise availability and cause
detrimental impacts on critical infrastructure – even given a low adoption
rate. This provides benefits over other proposed approaches such as RPKI
that only protects a route’s origin first AS, or BGPsec that requires
widespread adoption and significant infrastructure upgrades.

Our architecture, called Secure Backbone AS (SBAS), allows clients to
benefit from emerging secure routing deployments like SCION by tunneling
into a secure infrastructure. SBAS provides substantial routing security
improvements when retrofitted to the current Internet. It also provides
benefits even to non-participating networks and endpoints when
communicating with an SBAS-protected entity.

Our ultimate aim is to develop and deploy SBAS beyond an experimental
scope. We have designed a survey to capture the impressions of the network
operator community on the feasibility and viability of our design. The
survey is anonymous and takes about 10 minutes to complete, including
watching a brief 3-minute introductory video.

https://docs.google.com/forms/d/e/1FAIpQLSc4VCkqd7i88y0CbJ31B7tVXyxBlhEy_zsYZByx6tsKAE7ROg/viewform?usp=pp_url&entry.549791324=NANOG+mailing+list

We thank you for helping inform our further work on this project. We will
be happy to share the results with the community.

With kind regards
  Prateek Mittal, Adrian Perrig, Yixin Sun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211217/7ceb087f/attachment.html>


More information about the NANOG mailing list