On Mon, Oct 7, 2019 at 4:45 PM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Fri, Oct 04, 2019 at 03:52:26PM -0400, Phil Pishioneri <pgp+nanog@psu.edu> wrote a message of 9 lines which said:
Using Cloud Resources to Dramatically Improve Internet Routing
UMass Amherst researchers to use cloud-based ‘logically centralized control’
Executive summary: it's SDN for BGP. Centralizing Internet routing, what could go wrong? (As the authors say, "One reason is there is no single entity that has a big picture of what is going on, no manager". I wonder who will be Internet's manager.)
Otherwise, an impressive amount of WTF. My favorite: "while communication by servers ___on the ground___ might take hundreds of milliseconds, in the cloud the same operation may take only one millisecond from one machine to another"

I thought that universities were full of serious people, but University of Massachusetts may be an exception?
I haven't found the actual work that is being referenced here, and I *am* quite skeptical based upon the title / premise -- but, I suspect (well, hope) that this is just another instance of complex technical material being munged by marketing / reporters into something unrecognizable -- note that "This article was originally published by the UMass News Office."

Here is an abstract of one of Yang Song, Arun Venkataramani, Lixin Gao's earlier papers:

"BGP is known to have many security vulnerabilities due to the very nature of its underlying assumptions of trust among independently operated networks. Most prior efforts have focused on attacks that can be addressed using traditional cryptographic techniques to ensure authentication or integrity, e.g., BGPSec and related works. Although augmenting BGP with authentication and integrity mechanisms is critical, they are, by design, far from sufficient to prevent attacks based on manipulating the complex BGP protocol itself. In this paper, we identify two serious attacks on two of the most fundamental goals of BGP -- to ensure reachability and to enable ASes to pick routes available to them according to their routing policies -- even in the presence of BGPSec-like mechanisms. Our key contributions are to (1) formalize a series of critical security properties, (2) experimentally validate using commodity router implementations that BGP fails to achieve those properties, (3) quantify the extent of these vulnerabilities in the Internet's AS topology, and (4) propose simple modifications to provably ensure that those properties are satisfied"

I'm assuming that if this were passed through many company / university news / marketing orgs it would be translated into:

"The core protocol that makes all of the Internet, all e-commerce, Internet banking and e-coin torrenting malware protection is vulnerable to hackers stealing your identity. All existing efforts have failed, because quantum computers can break cryptography. Our researchers have identified simple attacks which bypass all Internet security mechanisms and firewalls, and have demonstrated these vulnerabilities in the wild. In order to protect Internet banking and blockchain, and to ensure free elections, they have also developed a simple and effective new system to keep everyone secure. Contact us at licensing@university.org to learn how to license this critical technology. Click <here> to enroll in University, where you too can learn to fix the Interwebs and earn lots of money."

W

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf