Secure Protocols for the Routing Infrastructure

The National Strategy to Secure Cyberspace (NSSC) calls out the fact that there are problems with the existing Internet infrastructure. As a step toward fulfilling its responsibility for coordinating implementation of the NSSC with respect to the routing infrastructure, DHS has instituted the Secure Protocols for the Routing Infrastructure (SPRI) Program within the S&T Directorate.

Motivation

The commercial private sector and the federal sector (both civilian and defense) have adopted the use of the Internet as a critical component of accomplishing their missions. The use of Internet technology has provided many benefits, but has also made the operation of those sectors vulnerable to accidents and to attacks that target the Internet infrastructure. The objective of the SPRI program is to ensure the security of the Internet routing infrastructure so that it is reliable in the event of accidents or deliberate malicious behavior.

Routing in the Internet is a very complex task involving operations like physical address determination, selection of inter-network gateways, and forwarding messages to the correct destination. In order for these tasks to be accomplished, many infrastructure protocols such as RIP, OSPF, IS-IS, BGP have been developed and deployed. Securing these routing protocols for reliable, persistent communication has been widely acknowledged as an important problem, yet there is a lack of consensus and motivation to derive common and widely deployable standard techniques to mitigate these problems.

Approach

Through this roadmap, we aim to bring together the various facets of creating secure protocols for the routing infrastructure, namely:

Highlight important problems
Examine existing approaches to mitigate or work around these problems
Facilitate development of approaches that address the larger problem of routing security
Identify barriers to deployment
Identify key players in each realm: Targeted Adopters and Early Adopters
Develop robust transitioning mechanisms
Identify useful metrics and measurements for validation
Identify and create opportunities for education and awareness programs tailored for each problem
Identify tools and resources for the operator, vendor and ISP community
Develop a timeline to achieve these goals

The roadmap document can be found here.