Long-Standing Internet Routing Vulnerability to be Fixed

The internet’s routing system has a long-standing vulnerability that lets an attacker block or reroute traffic. The problem lies in the routers operated by any organization that owns a block of IP addresses.

These routers, spread all around the internet and each holding upwards of 400,000 routing entries, exchange updates with one another using the Border Gateway Protocol (BGP). The problem is that BGP does not authenticate the routing data any router announces, so a malicious operator can insert entries in their own routers that redirect traffic to their own network, where anything not protected by SSL can easily be read with deep packet inspection. Something suspicious of this kind has already happened: for a while, all Facebook traffic on AT&T’s network strangely passed through China, as discovered by Joe Gersch, a researcher working for Secure64, a company that makes Domain Name System (DNS) server software.

Surprisingly, there are two solutions that can be deployed for this problem, neither of them requiring excessive amounts of money or resources. The first is Resource Public Key Infrastructure (RPKI), which uses cryptographic certificates to verify that an IP address block does indeed belong to a certain network. RPKI is complex, however, which has slowed its deployment. The other is called Rover (roughly short for Route Origin Verification), which may see use because it is easier to implement: it requires no changes to existing routers, and it can work alongside RPKI to provide robust protection against a routing attack.
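To make the problem and the fix concrete, here is an added example (not code from the article, Secure64, or either proposal) that models what both RPKI and Rover ultimately deliver to a router: a list of which origin AS is authorized to announce which prefix. It assumes the three-way outcome model of RFC 6811 route origin validation (valid, invalid, not-found) and uses constructed ROA records, constructed BGP announcements, documentation address ranges and private ASNs; the DNS naming scheme Rover uses is not modelled, only the resulting authorization data. The script shows that a plain, trusting router picks a more-specific announcement from an unauthorized AS by longest-prefix match, while a router enforcing origin validation rejects it.

```python
"""Route origin validation (RFC 6811 semantics) over constructed BGP announcements."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: origin_asn may announce `prefix` and any
    more-specific prefix down to `max_length` bits."""
    prefix: str
    max_length: int
    origin_asn: int

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


@dataclass(frozen=True)
class Announcement:
    """A BGP UPDATE reduced to the two fields origin validation looks at."""
    prefix: str
    origin_asn: int

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def validate_origin(ann: Announcement, roas: Iterable[ROA]) -> str:
    """Classify an announcement against a set of ROAs.

    'not-found': no ROA covers the announced prefix (nothing to check against)
    'valid':     a covering ROA names this origin AS and permits this prefix length
    'invalid':   covering ROAs exist but none matches (wrong origin or too specific)
    """
    net = ann.network
    covering = [r for r in roas
                if r.network.version == net.version and net.subnet_of(r.network)]
    if not covering:
        return "not-found"
    for r in covering:
        if r.origin_asn == ann.origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def install_routes(anns: Iterable[Announcement], roas: Iterable[ROA],
                   enforce: bool) -> List[Announcement]:
    """Return the announcements a router keeps. With enforce=False everything is
    accepted on trust, as plain BGP does; with enforce=True 'invalid' routes are dropped.
    'not-found' routes are kept either way, since unregistered space must still route."""
    roas = list(roas)
    return [a for a in anns if not enforce or validate_origin(a, roas) != "invalid"]


def longest_match(routes: Iterable[Announcement], dst: str) -> Optional[Announcement]:
    """Longest-prefix match: the route that forwarding would actually use for `dst`."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes
                  if r.network.version == addr.version and addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


# Constructed sample data: documentation prefixes (RFC 5737 / RFC 3849), private ASNs.
ROAS = [ROA("192.0.2.0/24", 24, 64496), ROA("2001:db8::/32", 48, 64496)]
ANNOUNCEMENTS = [
    Announcement("192.0.2.0/24", 64496),     # legitimate owner
    Announcement("192.0.2.0/25", 64511),     # more-specific from an unauthorized AS
    Announcement("198.51.100.0/24", 64500),  # no ROA exists for this space
    Announcement("2001:db8:1::/48", 64496),  # legitimate IPv6, within max_length
]

if __name__ == "__main__":
    for a in ANNOUNCEMENTS:
        print(f"{a.prefix:18} AS{a.origin_asn}: {validate_origin(a, ROAS)}")
    for enforce in (False, True):
        chosen = longest_match(install_routes(ANNOUNCEMENTS, ROAS, enforce), "192.0.2.10")
        print(("enforcing" if enforce else "trusting ") + " router forwards 192.0.2.10 via",
              f"{chosen.prefix} AS{chosen.origin_asn}")
```

Note the max-length check: even the legitimate origin AS is classified invalid if it announces a prefix more specific than its ROA allows, which is why operators set max_length carefully rather than covering an entire block with a permissive value.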

Because Rover keeps its route-origin data in the DNS, it needs no changes to existing routers and can work alongside RPKI. “The whole infrastructure of securing the answer [of whether the route is legitimate] already exists,” said Gersch, who has authored two specifications: one describing how to name a route, and one describing the type of record that could be inserted into the DNS.

The specifications are currently in Internet-Draft status before the Internet Engineering Task Force (IETF). The next step toward becoming a standard is for a working group to adopt the documents, Gersch said.
