CIAG Research Projects

BGP Attack Tree Development and Testing

Principal Investigator: Convery, S., Franz, M.

Project Description: Systematic study of BGP security vulnerabilities using attack tree methodology, resulting in BGP deployment best practices.

Project Impact: The project establishes a proper methodology for testing BGP and validates the usefulness of implementing various BGP best practices.

Project Details: BGP and other infrastructure protocols such as DNS have received significant attention as awareness of Internet security has increased. The use of attack trees focuses analysis on measurable goals that can ultimately be translated into specific tests against popular implementations. This analysis technique also encourages a structured elaboration of events that must occur for a successful intrusion. Because each node (an attacker goal) may be decomposed into subordinate nodes (subgoals, or the means of achieving the parent goal), attack trees allow security analysis to be conducted at multiple layers of abstraction. Visit this link for more information:
http://www.ietf.org/proceedings/04aug/I-D/draft-ietf-rpsec-bgpattack-00.txt

The testing phase includes three main areas. Firstly, specific attacks as outlined in the BGP Attack Tree draft were tested against lab networks to gauge attack results, difficulty, and the availability of best practices which mitigate the attack's effects. See more at this link:
http://www.ietf.org/proceedings/04aug/I-D/draft-ietf-rpsec-bgpattack-00.txt

Where appropriate, these attacks were accomplished against multiple BGP implementations to measure variations in response.

Secondly, multiple implementations were tested using a BGP malformed message generator in an attempt to measure the resilience of BGP implementations against unexpected input. Thirdly, the prevalence of generally accepted best practices on the Internet was measured by querying a representative set of the Internet's BGP routers on key management interfaces.

View the project here:

www.nanog.org/mtg-0306/franz.html

Project Deliverables: Paper published (linked above).

Status: Completed