Rethinking security for internet routing

ON JUNE 12, 2015, an incident in the Asia-Pacific region caused network performance problems for hundreds of thousands of Internet destinations, including Facebook and Amazon. 24,37 It was not the result of a natural disaster, a failed transatlantic cable, or a malicious attack. Instead, it resulted from a misconfiguration at a Malaysian ISP that inadvertently exploited the Internet's Border Gateway Protocol (BGP) to disrupt connectivity at networks in Malaysia and beyond. BGP establishes Internet connectivity by setting up routes between independently operated networks. Over the past two decades, several high-profile routing incidents (often resulting from misconfigurations(4,8,28,30,37)) have regularly demonstrated that BGP is highly vulnerable to malicious attacks. BGP attacks cause a victim network Internet traffic to be rerouted to the attacker's own network. The rerouted traffic might then be dropped before it reaches its legitimate destination(4,28,30,37) or, more deviously, be subject to eavesdropping,(2,32) traffic analysis,(36) or tampering.(15,21,34)