13.05.2024 | Amir Herzberg, University of Connecticut

Talk: "BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks"


Dr. Herzberg's is the Comcast professor for Cybersecurity Innovation in the school of computing of the university of connecticut. His research areas include internet security, applied cryptography, privacy and anonymity, usable security, security for cyber-physical systems, and social, economic and legal aspects of security.
Dr. Herzberg earned his Ph.D. in Computer Science in 1991 from the Technion in Israel.  From 1991 to 1995, he worked at the IBM T.J. Watson Research Center, where he was a research staff member and the manager of the Network Security research group.  From 1996 to 2000, Dr. Herzberg was the Manager of E-Business and Security Technologies at the IBM Haifa Research Lab.  From 2002 to 2017, he was a professor in Bar Ilan University (Israel). Since 2017, he is professor at University of Connecticut.

BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks


We present BGP-iSec, an enhancement of the BGPsec protocol for securing BGP, the Internet’s inter-domain routing protocol. BGP-iSec ensures additional and stronger security properties, compared to BGPsec, without significant extra overhead. The main improvements are: (i) Security for partial adoption: BGP-iSec provides significant security benefits for early adopters, in contrast to BGPsec, which requires universal adoption. (ii) Defense against route leakage: BGP-iSec defends against route leakage, a common cause of misrouting that is not prevented by BGPsec. (iii) Integrity of attributes: BGP-iSec ensures the integrity of integrity-protected attributes, thereby preventing announcement manipulation attacks not prevented by BGPsec. We argue that BGP-iSec achieves these goals using extensive simulations as well as security analysis. The BGP-iSec design conforms, where possible, with the BGPsec design, modifying it only where necessary to improve security or ease deployment. By providing stronger security guarantees, especially for partial adoption, we hope BGP-iSec will be a step towards finally protecting interdomain routing, which remains, for many years, a vulnerability of the Internet’s infrastructure.

Joint work with Cameron Morris, Bing Wang and Samuel Secondo