IETF Improving Technical Security Technology

Routing Security on the Internet – Is it Really Worth the Effort?

A security researcher from Georgia Institute of Technology has called into question the efforts underway to secure the Internet’s routing infrastructure. Robert Lychev’s findings are striking and the paper he and his co-authors wrote earned them the third Applied Networking Research Prize for 2014.

Many widely used communication protocols on the Internet were not originally designed with security in mind: they were intended for parties that trust each other. As the Internet has evolved, many new protocols intended to address specific security vulnerabilities have been developed. Deployment of these new protocols can take a long time and therefore questions about the interactions of new secure protocol solutions with legacy insecure protocols are important.

For routing of Internet traffic, Border Gateway Protocol (or BGP) is a key technology and much work has been done to address the real security vulnerabilities of BGP through developments like the Resource Public Key Infrastructure (RPKI) and BGP Security Extensions (BGPSEC). Lychev and his collaborators were interested in understanding the security properties of BGPSEC in partial deployment. In particular, what does partially deployed BGPSEC offer over RPKI or, “Is the juice (additional security benefits) worth the squeeze (extra efforts of deployment)?”

In their paper, “BGP Security in Partial Deployment” (Proc. ACM SIGCOMM, Hong Kong, China, August 2013), Lychev and his co-authors Sharon Goldberg and Michael Schapira found that partially deployed security measures sometimes introduce new vulnerabilities and partial deployment provides only meagre benefits over RPKI if operators do not prioritise security over all other considerations in their routing policies.

Speaking about the award and his trip to the IETF meeting in Toronto, Lychev said, “Thank you very much for making this trip possible. I think that I have learned quite a bit from this meeting. I met a lot of people, and I hope to start new collaborations with some of them in the near future.”

Lychev received his award at the recent Internet Research Task Force open meeting at IETF 90 in Toronto, where he also presented his results. His slides are available and audio from the presentation is also available (starting at 00:09:00).

The nomination period for Applied Networking Research Prizes to be awarded in 2015 is now open. Please submit your nominations for the 2015 ANRP award before the closing date of October 31, 2014. Nominations can be submitted via the submission site or by email to