Border Gateway Protocol and insecurity

The “three-napkins protocol,” officially known as the Border Gateway Protocol (BGP), was intended to be a quick fix, but it still governs how long-haul traffic flows through cyberspace. Yakov Rekhter and Kirk Lougheed created the Border Gateway Protocol in January 1989. While they were sketching their plan on three napkins for routing data across the Internet, they had never anticipated the potential security issues that might arise by using the BGP, as people at that age would not use it as a mean to perform malicious actions.

BGP is a set of rules that help routers decide how to send data across the Internet. It is built to automatically trust users, which may work on smaller scale of networks but exposes users to become vulnerable to global attack. Computer engineers have been attempting to eliminate the security concerns over BGP, and the first step is to create a new system of secure cryptographic keys for networks. Currently, this new system has been implemented 5% globally with a goal of 100%.

Sharon Goldberg, an associate professor of computer science at Boston University and Hariri Institute Faculty Fellow, commented “You might laugh to see 5 percent, but do you know how much work it took to get here?” She added, “Whether it’s going to be five years or 10 years or 20 years [more for full deployment], I don’t know.”

The Washington Post article, Net of Insecurity, part 2, The Long Life of A quick ‘fix’ [Read More]