Email this Article Email   

CHIPS Articles: Protecting the Integrity of Internet Routing

Protecting the Integrity of Internet Routing
NIST seeks comments on draft pub
By CHIPS Magazine - September 5, 2018
The internet is so much a part of 21st century living that's its hard to imagine life without it. It is central to modern business transactions and to American society in general. The internet is essential to the exchange of all manner of information, from obtaining government services, to shopping and banking, manufacturing, to entertainment and academic study.

Interestingly, despite the smooth connection to connection users enjoy, the internet is not a single monolithic network, but rather a complex web of independent, interconnected networks. The design of the internet is based on a trust relationship between these networks and relies on a protocol known as the Border Gateway Protocol (BGP) to route traffic among the various networks worldwide, according to a NIST release.

BGP is the protocol that Internet Service Providers (ISPs) that organizations and individuals use to exchange route information between them. Unfortunately, BGP was not designed with security in mind. Traffic typically traverses multiple networks to get from its source to its destination. Networks inherently trust the BGP information they receive from their neighbors, but the lack of security makes BGP vulnerable to route hijacks, NIST said. A route hijack attack can deny access to internet services, seize email and internet transactions and deliver them to malicious endpoints and cause routing instability.

But now a technique known as BGP Route Origin Validation (ROV) is designed to protect against route hijacking, NIST reported.

The National Cybersecurity Center of Excellence (NCCoE) has developed proof-of-concept demonstrations of BGP ROV implementation designed to improve the security of the internet's routing infrastructure. This NIST Cybersecurity Practice Guide — Draft SP 1800-14, Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation — demonstrates how networks can protect BGP routes from vulnerability to route hijacks by using available security protocols, products and tools to perform BGP ROV to reduce route hijacking threats, NIST said.

The example implementation described in this guide aims to protect the integrity and improve the resiliency of internet traffic exchange by verifying the source of the route. NIST’s standards-based example solution uses commercially available products and can be used in whole or in part. It can also be used as a reference to help an organization design its own, custom solution.

Comments are due Oct. 15, 2018 and may be submitted to sidr-nccoe@nist.gov.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer