Dear RIPE,
Knowing how challenging it is to apply new technologies to current networks, in a collaboration between ETH, Princeton University, and University of Virginia, we constructed a system that provides security benefits for current Internet users while requiring minimal changes to networks. Our design can be built on top of the existing Internet to prevent routing attacks that can compromise availability and cause detrimental impacts on critical infrastructure – even given a low adoption rate. This provides benefits over other proposed approaches such as RPKI that only protects a route’s origin first AS, or BGPsec that requires widespread adoption and significant infrastructure upgrades.
Our architecture, called Secure Backbone AS (SBAS), allows clients to benefit from emerging secure routing deployments like SCION by tunneling into a secure infrastructure. SBAS provides substantial routing security improvements when retrofitted to the current Internet. It also provides benefits even to non-participating networks and endpoints when communicating with an SBAS-protected entity.
Our ultimate aim is to develop and deploy SBAS beyond an experimental scope. We have designed a survey to capture the impressions of the network operator community on the feasibility and viability of our design. The survey is anonymous and takes about 10 minutes to complete, including watching a brief 3-minute introductory video.
https://docs.google.com/forms/d/e/1FAIpQLSc4VCkqd7i88y0CbJ31B7tVXyxBlhEy_zsYZByx6tsKAE7ROg/viewform?usp=pp_url&entry.549791324=RIPE+mailing+list
We thank you for helping inform our further work on this project. We will be happy to share the results with the community.
With kind regards
Prateek Mittal, Adrian Perrig, Yixin Sun