The Internet routing system plays an essential role of glueing together tens of thousands of individual networks to create a global data delivery substrate. Over the years many efforts have been devoted to securing the routing system and a plethora of solutions have been proposed. Yet none of the solutions has seen wide adoption in the operational Internet and the routing system security remains a serious concern. In this paper we articulate the fundamental challenges in rolling out new security solutions to the global routing system by categorizing the various proposed solutions into a few classes and identifying the difficulties and remaining issues in deploying each class of solutions. Our examination of the solution space shows that monitoring is an essential component in securing the routing system, and that the “detect and react” class of solutions have the lowest hurdle in deployment and thus are most readily acceptable by the network operational community.
Ricardo V. Oliveira, Mohit Lad, Lixia Zhang