In 2017, a Distributed Denial of Service (DDOS) attack took down Internet services for most of the US Eastern Seaboard.
In 2018, for just over an hour connections to Google Cloud services, APIs, and websites were diverted through overseas IP addresses, snaking their way through systems in Russia and China. Sites and apps built on Google Cloud, such as Spotify, Nest, and Snapchat, were affected.
As recently as June of this year, huge swaths of Europe’s mobile traffic took an unwelcome detour through state-backed China Telecom. While the 24th of the month saw the internet suffer what Cloudflare referred to as a ‘small heart attack’, an unsuspecting little business in northern Pennsylvania became the main freeway for all Verizon internet traffic.
All these ‘incidents’ and ‘accidents’ have a common denominator; a fundamental weakness in the Border Gateway Protocol (BGP).
The Three-Napkins ProtocolThe 411: BGP manages how routers send data across the vast nexus that constitutes the internet. BGP helps routers pick through the boundless permutations and combinations of transit paths to pick the best suited.
Conceived in 1989, Kirk Lougheed of Cisco and Yakov Rekhter of IBM scribbled the design for their routing protocol on two napkins while eating lunch at an Internet Engineering Task Force (IETF) conference.
Their version of BGP remains more or less the same since 1994 but, though BGP, scales well, the internet is a very different beast to what it was 25 years ago. Rekhter and Lougheed built their protocol with trust in mind. Their protocol relies on the honor system, which allows the pushing and pulling of data by anonymous parties.
They simply did not consider the importance of independent route claim verification for individual networks. BGP’s inception was during the lofty, utopian era, when the goal of the internet was the righteous provision of an information pathway for all humankind and the sooner the better.
In the early days of the Internet, getting stuff to work was the primary goal. There was no concept that people would use this to do malicious things. . . . Security was not a big issue.
BGP Co-Inventor, Kirk Lougheed
Unfortunately, in their haste towards progress, they innocently devised a protocol ripe for the picking. With no system for checking the veracity of BGP messages, the risk of outages, or data interception and deception, data flows can backup or reroute causing all manner of connectivity issues.
BGP is struggling under its own weight.
So how did it win the battle of the routing protocols when there were efforts afoot to build competitors? Simple, it won because it was simple. It keeps the internet’s data flowing. It’s fast, nimble and pragmatic in construct. What it is not, however, is secure.
Fair WarningIn 1998 a group of 7 hackers from the L0pht collective, with Lone Gunmen-sounding names like Space, Rogue, Kingpin and Mudge, testified at a senate committee hearing that they could take down the internet in just 30 minutes by attacking the BGP. Their warnings fell on deaf ears and 21 years later, we’re still paying the price of their indifference.
In an attempt to shore defences, in light of continuous warnings, the National Institute of Standards and Technology (NIST), working with DHS, gave us the Secure Inter-Domain Routing defense standards, Still, the uptake is minimal.
The reason for the underwhelming shift to new, more secure routing protocols is likely that BGP is already here. It works. We know it. We’re not afraid of it. And significantly, it’s cheap. Once we fully subscribe to a technology we are very slow to replace it in favor of something new and unknown, especially when this unknown is costly. The result: burial under layer upon layer of outdated technology.
Seeing this conceptually is fairly easy and straightforward. Sorting it out in terms of the engineering is fiendishly difficult. Columbia University computer scientist Steven M. Bellovin
BGPocalypseDoug Madory, Director of Internet Analysis at Oracle Dyn, warns of something he refers to as the ‘Dystopian Possibility’. This nightmare scenario involves international tensions boiling over to the point that hostile nation states start taking great swaths of the internet hostage. This kind of attack would confuse the world’s routers and ultimately fracture internet regions into rival fiefdoms. Our seamless global network would cease to exist. Sounds dramatic, even something from a Netflix production. The reality is, this is all too possible given our reliance on an antiquated defense protocol. Time for introspection.
The internet needs authentication at every level.
Secure cryptographic keys authenticating identities in cyberspace are a must. These keys would outline the makeup of all network traffic, allowing routers to ignore faulty or malicious BGP messages.
The most robust BGP alternatives on the table include BGPSEC , Secure Inter-Domain Routing (sidr). and Resource Public Key Infrastructure (RPKI), to name a few, but until the big players subscribe to these we can expect the attacks to keep on coming.
Europe and the Middle East are currently at a mere 9% uptake in cryptographic key identifiers, with Latin America at 24%, and North America and Africa bringing up the rear at 5%,
The most worrying of these statistics is the percentage of Internet traffic the new cryptographic network key systems currently secure: zero.
It’s time to address the massive vulnerability at the heart of our routing architecture. Time to get tough on the soft underbelly of the internet!