Internet Insecurity: A Primer on BGP
Physicians can now adjust pacemakers wirelessly, a helpful innovation that also makes it possible to kill someone by hacking into the device. We can pay bills online, but that convenience also comes with a cost: in 2014, hackers accessed the accounts of 83 million clients of JPMorgan Chase. The US military defense, power utilities, and water treatment plants, among other critical systems, are all digital, and while that technology improves efficiency, it exposes our country’s infrastructure to cyber attacks.
The same technology that powers many of society’s greatest scientific advancements brings with it vulnerabilities that impact every aspect of our lives, from our bodies to our bank accounts to our national security. The liability is built into the internet, which was devised in the 1960s as an open-access platform for research. It’s the open-access architecture that now makes internet security seem like an oxymoron.
The internet has become so critical to our society that addressing its weaknesses is like “operating on a live patient,” says Mark Crovella, a College of Arts & Sciences computer science professor and department chair. CAS computer scientists are taking on the challenge of securing a platform designed for open access while protecting our liberties.
We don’t often think about what happens when we hit “Send,” but the internet’s architecture determines whether our emails end up where we want them to go. And it’s easier than you might think to mess with that architecture. In 2010, a Chinese service provider hijacked the internet, stealing 15 percent of the world’s traffic for 18 minutes. The stolen traffic included communications meant for the Pentagon, the US Senate, and the office of the Secretary of Defense, as well as other networks, like Microsoft and Yahoo. And while China claimed that the hijacking was an accident (an assertion impossible to verify), the incident revealed deeply embedded flaws in the internet’s architecture.
The internet is made up of tens of thousands of independently operated networks (a large employer might be one network; Verizon, another) interconnected via the Border Gateway Protocol (BGP). Every computer in every network has a unique Internet Protocol (IP) address, like every phone has a number. In the absence of a central internet authority, the system functions on trust: there’s no way to prevent networks from lying about the addresses they own, so one network can hijack another’s traffic just by claiming its addresses—it’s almost as if you told the post office you owned your neighbor’s house and asked it to deliver all the mail for that address to you. Developing fixes for insecurities like this one can be like patching a dam—plug one hole and the pressure shifts, forcing water out of a new one.
Read more...
Source: BU Today and bu Channel (YouTube)