RIPE 52 Plenary Presentations Wednesday, 26 April 2006
9:00-10:30
Title: Perils of Transitive Trust in the Domain Name System
Speaker: Emin Gun Sirer
Abstract: The Domain Name System, DNS, is based
on nameserver delegations, which introduce complex and subtle dependencies
between names and nameservers.
In this paper, we present results from a large scale survey of
DNS, and show that these dependencies lead to a highly insecure
naming system.
We report specifically on three aspects of DNS security: the properties
of the DNS trusted computing base, the extent and impact of existing
vulnerabilities in the DNS infrastructure, and the ease with which
attacks against DNS can be launched.
The survey shows that a typical name depends on 46 servers on
average, whose compromise can lead to domain hijacks, while names
belonging to some countries depend on a few hundred servers. An
attacker exploiting well-documented vulnerabilities in DNS nameservers
can hijack more than 30% of the names appearing in the Yahoo and
DMOZ.org directories. And certain nameservers, especially in educational
institutions, control as much as 10% of the namespace.
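To make the abstract's notion of transitive trust concrete, the following added example (not code from the paper or the talk) walks a small, constructed delegation table and collects every nameserver a name depends on, then measures what share of a set of names a single server can answer for. The zones and hostnames are invented for illustration; a real survey would fill the table from NS lookups.

```python
"""Transitive trust in DNS: which nameservers does a name really depend on?

Added example, not from the paper or the talk. A name depends on the
nameservers of every zone above it, and each of those nameservers has a
hostname that must itself be resolved, pulling in further zones and servers.
The zones and hostnames below are constructed for illustration.
"""
from collections import deque

# Constructed delegation table: zone -> nameserver hostnames serving it
# (what a survey would gather from NS lookups). corp.example outsources one
# nameserver to another operator, who in turn relies on a third party.
DELEGATIONS = {
    ".": ["a.root-servers.example"],
    "example": ["ns1.nic.example", "ns2.nic.example"],
    "corp.example": ["ns.corp.example", "dns.outsourced.example"],
    "outsourced.example": ["ns1.outsourced.example", "ns.cloud.example"],
    "cloud.example": ["ns1.cloud.example"],
}


def zone_chain(name):
    """Zones traversed to resolve name, root first, e.g.
    'www.corp.example' -> ['.', 'example', 'corp.example']."""
    labels = name.strip(".").split(".") if name.strip(".") else []
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:])
        if zone in DELEGATIONS:
            chain.append(zone)
    return chain


def transitive_nameservers(name):
    """All nameserver hostnames whose compromise could let an attacker answer
    for name: direct delegations plus, recursively, the servers needed to
    resolve each nameserver's own hostname. A server named inside the zone it
    serves (glue) adds no new dependency."""
    servers, seen, queue = set(), set(), deque([name])
    while queue:
        current = queue.popleft()
        if current in seen:
            continue
        seen.add(current)
        for zone in zone_chain(current):
            for ns in DELEGATIONS[zone]:
                if ns not in servers:
                    servers.add(ns)
                    queue.append(ns)  # the nameserver's hostname must resolve too
    return servers


def share_of_namespace(server, names):
    """Fraction of names whose resolution depends, transitively, on server:
    the abstract's 'controls X% of the namespace' measure."""
    if not names:
        return 0.0
    return sum(server in transitive_nameservers(n) for n in names) / len(names)


if __name__ == "__main__":
    for n in ["www.example", "www.corp.example"]:
        deps = transitive_nameservers(n)
        print(f"{n}: {len(deps)} servers -> {sorted(deps)}")
    names = ["www.example", "www.corp.example",
             "mail.corp.example", "shop.cloud.example"]
    print("ns1.cloud.example share:", share_of_namespace("ns1.cloud.example", names))
```

On this table www.example depends on 3 servers, but www.corp.example depends on 8, five of which belong to operators the zone owner never chose directly; that widening is exactly the effect the survey quantifies.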
Title: The Impact of Anycast on Root DNS Servers: The Case of K-root
Speaker: Lorenzo Colitti
Abstract: Anycasting is increasingly being used
in root DNS server deployments. However, while there is little doubt
that it improves resilience, the effects of anycasting on other
aspects of DNS service quality are not yet fully understood.
We examine the effects of anycast on the K-root name server, combining
analysis of packet traces and server logs with active measurements
to study its impact both on the quality of service perceived by
clients and on server load-balancing. In contrast with other work,
our results show that anycast is effective in decreasing latency
and preserving node affinity, suggesting that its impact depends
heavily on the topologies used. We also study the effects of deploying
a new anycast node, finding that traffic is subtracted more from
other root servers than from other nodes in the cloud, and that
a node's effectiveness depends to a very large extent on its location.
Title: DNS in Turkey
Speaker: Attila Ozgit
Title: Using Multi-Layer Routing to Provision Services Across MPLS/GMPLS Domain Boundaries
Speaker: Andrew Malis
Abstract: Network convergence naturally occurs
to avoid the need for service specific infrastructures. However,
as convergence occurs, the technology selected for the convergence
layer (i.e. MPLS, IP, WDM, SDH, ATM) is influenced by the service
mix that a carrier expects to carry in that particular portion of
the network. This leads to different convergence technologies being
chosen in different parts of the network.
The selection of different convergence technologies doesn't change
the fact that customers are still going to request services that
traverse the entire network. Consequently, control plane mechanisms
must support the routing of service requests through a series of
regions using dissimilar convergence layers. To facilitate this,
the control plane needs to understand the multi-layer structure
of the network, and how service requests are routed.
This talk will show how multi-layer routing methods can meet this
requirement, and will include a discussion of the information necessary
to represent the relationship between the resources in different
layer networks. The talk also includes a practical example of how
traffic between IP routers can be optimized between the routing
and optical network layers.
Title: Current Policy Topics - A Worldwide View
Speaker: Filiz Yilmaz
Abstract: N/A
11:00-12:30
Title: BGP Security
Speaker: Russ Housley
Abstract: BGP provides critical routing infrastructure
for the Internet. BGP is the basis for all inter-ISP routing. The
current system is highly vulnerable to human errors, as well as
a wide range of malicious attacks. Configuration errors are commonplace.
BGP has been attacked, and more attacks seem very likely. BGP needs
a comprehensive security solution, and that security solution will
require buy-in from vendors, ISPs, and subscribers. Once we have
the solution, deployment will probably take many years.
The Internet cannot tolerate a flag day. Improved security must
be deployed incrementally. Routers that implement the security solution
must not harm routers that are ignorant of the security solution.
Yet, the Internet routing system will remain vulnerable until all
routers implement the security solution. At best, adjacent Autonomous
Systems can provide a secure portion of the Internet routing system,
but then they need to expand outwards.
Title: A PKI to Support Improved Internet Routing Security
Speaker: Stephen Kent
Abstract: Several proposals have been put forth
for improving the security of routing in the public Internet, e.g.,
S-BGP, soBGP, and SPV. The ultimate goal of these proposals is to
enable ISPs to verify the legitimacy of route advertisements received
via BGP UPDATEs. A first step toward this goal is enabling an ISP
to verify that an Autonomous System (AS) is authorized to originate
routes to specified blocks of IP addresses.
This presentation describes a PKI designed to support these goals,
through the issuance of X.509 digital certificates to resource holders.
It makes use of the certificate extension defined in RFC 3779, to
represent address space and AS number allocations.
The PKI parallels the existing organizational structure by which
these resources are managed (RIRs, LIRs/NIRs, and ISPs), hence no
new "trusted" entities are introduced.
Unlike a conventional PKI, this one does not issue certificates
to identify resource holders, but rather enables Route Origination
Authorizations (ROAs) to be verified as having been digitally signed
by the resource holder, whoever that may be. A repository system
for distribution of the PKI data, and ROAs is also described.
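The following added example (not code from the talk and not from any RPKI implementation) models the two checks the abstract describes: that each certificate in the RIR/LIR/ISP hierarchy holds only address space and AS numbers its issuer holds (the RFC 3779 containment rule), and that a ROA is accepted only when signed by a holder whose certificate covers the authorised prefix. Certificates are plain dicts, and the X.509 public key and signature are stood in for by an HMAC key carried in the certificate body and an HMAC over that body, an assumption made so the example runs on the standard library alone; the hierarchy, keys and prefixes are constructed.

```python
"""Toy resource PKI and ROA validation (added example, not RPKI code).

The RFC 3779 extension is modelled by the 'prefixes' and 'asns' fields; the
X.509 key and signature are stood in for by an HMAC key in the body and an
HMAC over the canonical body (assumption: keeps the example stdlib-only).
"""
import hashlib
import hmac
import ipaddress
import json


def _canon(body):
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(body, sort_keys=True).encode()


def sign(key_hex, body):
    return hmac.new(bytes.fromhex(key_hex), _canon(body), hashlib.sha256).hexdigest()


def make_cert(subject, issuer, prefixes, asns, subject_key_hex, issuer_key_hex):
    body = {"subject": subject, "issuer": issuer, "prefixes": prefixes,
            "asns": asns, "key": subject_key_hex}
    return {"body": body, "sig": sign(issuer_key_hex, body)}


def _inside(child, parent):
    return child.version == parent.version and child.subnet_of(parent)


def covered(child_prefixes, parent_prefixes):
    """RFC 3779 containment: every child prefix lies within some parent prefix."""
    parents = [ipaddress.ip_network(p) for p in parent_prefixes]
    return all(any(_inside(ipaddress.ip_network(c), p) for p in parents)
               for c in child_prefixes)


def validate_chain(chain, anchor_key_hex):
    """chain runs from a self-issued trust anchor (e.g. an RIR) down to the
    resource holder; each link is checked against its issuer. Returns (ok, why)."""
    if not chain or chain[0]["body"]["subject"] != chain[0]["body"]["issuer"]:
        return False, "chain must start at a self-issued trust anchor"
    issuer_key, issuer = anchor_key_hex, None
    for cert in chain:
        body = cert["body"]
        if not hmac.compare_digest(cert["sig"], sign(issuer_key, body)):
            return False, f"bad signature on {body['subject']}"
        if issuer is not None:
            if body["issuer"] != issuer["subject"]:
                return False, f"{body['subject']} not issued by {issuer['subject']}"
            if not covered(body["prefixes"], issuer["prefixes"]):
                return False, f"{body['subject']} claims address space its issuer does not hold"
            if not set(body["asns"]) <= set(issuer["asns"]):
                return False, f"{body['subject']} claims AS numbers its issuer does not hold"
        issuer, issuer_key = body, body["key"]
    return True, "ok"


def make_roa(holder_cert, holder_key_hex, asn, prefix, max_length):
    body = {"holder": holder_cert["body"]["subject"], "asn": asn,
            "prefix": prefix, "maxLength": max_length}
    return {"body": body, "sig": sign(holder_key_hex, body)}


def validate_roa(roa, chain, anchor_key_hex):
    """Valid when the signer's chain validates and the signer's certificate
    covers the prefix. The authorised AS need not appear in the holder's own
    certificate: the address holder may authorise any AS to originate."""
    ok, why = validate_chain(chain, anchor_key_hex)
    if not ok:
        return False, why
    holder, body = chain[-1]["body"], roa["body"]
    if body["holder"] != holder["subject"]:
        return False, "ROA signer is not the end of the chain"
    if not hmac.compare_digest(roa["sig"], sign(holder["key"], body)):
        return False, "bad ROA signature"
    if not covered([body["prefix"]], holder["prefixes"]):
        return False, "prefix not held by ROA signer"
    net = ipaddress.ip_network(body["prefix"])
    if not net.prefixlen <= body["maxLength"] <= net.max_prefixlen:
        return False, "maxLength outside prefix bounds"
    return True, "ok"


def origin_authorized(prefix, asn, valid_roas):
    """Would a BGP UPDATE announcing prefix from asn pass? True when some
    already-validated ROA names this AS and covers the prefix within maxLength."""
    net = ipaddress.ip_network(prefix)
    return any(b["asn"] == asn and _inside(net, ipaddress.ip_network(b["prefix"]))
               and net.prefixlen <= b["maxLength"]
               for b in (r["body"] for r in valid_roas))


# Constructed hierarchy RIR -> LIR -> ISP; keys are made-up constants.
RIR_KEY, LIR_KEY, ISP_KEY = "00" * 32, "11" * 32, "22" * 32
RIR = make_cert("rir", "rir", ["192.0.2.0/24", "2001:db8::/32"], [64496, 64497], RIR_KEY, RIR_KEY)
LIR = make_cert("lir", "rir", ["192.0.2.0/25", "2001:db8::/48"], [64496], LIR_KEY, RIR_KEY)
ISP = make_cert("isp", "lir", ["192.0.2.0/26"], [], ISP_KEY, LIR_KEY)
CHAIN = [RIR, LIR, ISP]
GOOD_ROA = make_roa(ISP, ISP_KEY, 64496, "192.0.2.0/26", 28)
BAD_ROA = make_roa(ISP, ISP_KEY, 64496, "192.0.2.128/25", 25)  # space ISP does not hold

if __name__ == "__main__":
    print(validate_roa(GOOD_ROA, CHAIN, RIR_KEY))
    print(validate_roa(BAD_ROA, CHAIN, RIR_KEY))
    print(origin_authorized("192.0.2.16/28", 64496, [GOOD_ROA]))
```

The point of the containment loop in validate_chain is the one the abstract makes: because each link may only hand down resources it was itself given, an LIR or ISP certificate that lists address space outside its issuer's allocation fails even if the signature is good, so no new trusted party beyond the existing RIR/LIR/ISP structure is needed to catch an over-claim.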
Title: DNS Activity at IETF 65
Speaker: Olaf Kolkman
Abstract: N/A