Abstract:

BGP Origins - An application of the public space

Eric Osterweil, UCLA

BGP prefix hijacks are a known operational problem in the Internet. In this talk we propose BGP Origins, a system that uses both public data (derived from sources such as RouteViews) to suggest stable prefix-to-origin mappings and information submitted by users that has been cryptographically signed by a PGP key. This talk will outline the design and usage of this system.

Part of the difficulty in developing a prevention technique for prefix hijacking stems from the fact that it is very difficult to determine the rightful origin for an announced prefix (and almost impossible to do so in an automated way). In BGP Origins, users are able to use observed origin information and augment it with their own attestations (of prefix-to-origin mappings). BGP Origins does not require a de facto PKI, and leverages concepts from PGP's Web of Trust. End users decide whose attestations they believe.

BGP Origins is accessible via the standard DNS protocol. Users are able to query for origin mappings based on prefixes and can submit their own attestations using DNS updates. BGP Origins is intended to facilitate the operational practice of verifying proper origin mappings and to allow an automated approach for this.
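
The decision described above (observed origins augmented by attestations from signers the user chooses to believe) can be sketched as follows. This is an added example, not code from BGP Origins: the data layout, function names, key labels and the 90% stability threshold are assumptions, the sample data is constructed, and PGP signature verification is assumed to have happened before attestations reach this code.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation prefixes, private-use ASNs).
# One (prefix, origin AS) pair per snapshot of public BGP data.
OBSERVED = [("192.0.2.0/24", 64500)] * 28 + [("192.0.2.0/24", 64511)] * 2
# (prefix, origin AS, signer key label); signatures assumed already verified.
ATTESTATIONS = [
    ("192.0.2.0/24", 64500, "KEY-A"),
    ("192.0.2.0/24", 64511, "KEY-X"),
    ("198.51.100.0/24", 64502, "KEY-B"),
]

def stable_origins(prefix, observed, min_share=0.9):
    """Origins seen for this exact prefix in at least min_share of snapshots."""
    counts = Counter(asn for p, asn in observed if p == prefix)
    total = sum(counts.values())
    return {asn for asn, n in counts.items() if total and n / total >= min_share}

def attested_origins(prefix, attestations, trusted_keys):
    """Origins attested by signers that this particular user believes."""
    return {asn for p, asn, key in attestations
            if p == prefix and key in trusted_keys}

def classify(prefix, origin, observed, attestations, trusted_keys):
    """Judge an announced (prefix, origin) pair from one user's point of view."""
    # Normalize the prefix; malformed input raises ValueError.
    prefix = str(ipaddress.ip_network(prefix))
    attested = attested_origins(prefix, attestations, trusted_keys)
    if attested:
        # A trusted attestation outranks what was merely observed.
        return "attested" if origin in attested else "conflict"
    stable = stable_origins(prefix, observed)
    if stable:
        return "observed-stable" if origin in stable else "suspect"
    return "unknown"  # no trusted attestation and no stable history

if __name__ == "__main__":
    for keys in ({"KEY-A"}, {"KEY-X"}, set()):
        verdict = classify("192.0.2.0/24", 64511, OBSERVED, ATTESTATIONS, keys)
        print(sorted(keys), "->", verdict)
```

The same announcement gets a different verdict depending on which keys the user trusts, which is the Web of Trust property the abstract describes.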

Bio:

Eric Osterweil is a Ph.D. student in the Computer Science Department at the University of California, Los Angeles. His previous experience includes 8 years of industry software engineering, at companies including Micromuse (now owned by IBM) and Avaya. His current research interests center around Internet Security. He is the lead developer on the SecSpider project (http://secspider.cs.ucla.edu - the first DNSSEC deployment monitoring system).




Back to NANOG40 agenda topics