Information technology engineers have been studying methods for fixing a weakness in the Internet's routing system known as the Border Gateway Protocol (BGP), which can cause networks to become unavailable if mistakes are made in entering information or if there is a malicious attack.
BGP weaknesses also can cause a company's Internet traffic to be circuitously routed through another network it does not need to go through, a process known as route hijacking. The solution is to have routers verify that the Internet Protocol (IP) address blocks announced by other routers actually belong to their networks. The Resource Public Key Infrastructure (RPKI) method uses a system of cryptographic certificates that verify if an IP address block belongs to a certain network. However, RPKI is complex, and deployment has been slow.
An alternate system, known as Route Origin Verification (Rover), could be easier. Rover's advantages are that it needs no changes in the existing routers, and it can work alongside RPKI. "The whole infrastructure of securing the answer [of whether the route is legitimate] already exists," says Secure64's Joe Gersch.
From IDG News Service
View Full Article
Abstracts Copyright © 2012 Information Inc. , Bethesda, Maryland, USA