Internet Hardening via Routing Registries

The Internet in its current form relies on extensive cooperation between network operators to ensure the integrity and security of its core infrastructure. Here we describe how routing registries can be used to improve the security of the Internet infrastructure in general and the BGP routing protocol in particular. Routing registries can be used to generate accurate prefix filter lists as well as detect and protect against anomalous routes that can disrupt the flow of Internet traffic. In addition, when used with a hierarchical and distributed authority model, routing registries can be used to implement a scalable solution to the problem of hardening the Internet. Due to the smaller number of existing prefixes, IPv6 can serve as an ideal testbed to demonstrate the ideas, which when proven can also be implemented in IPv4. The success of the proposed approach lies in ensuring that the data in the routing registries is valid and accurate. Merit Networks, which manages the Routing Assets Database (RADB), is developing a suite of tools to enable users to easily view, analyze and update their routing assets information. Merit operates the largest IP network in Michigan, and manages the North American Network Operators Group (NANOG), the leading forum for information sharing and collaboration among network service providers. It is clear that any effort to harden the Internet infrastructure will require extensive cooperation among network service providers, and it will need to be implemented in an incremental fashion. There is no single solution to security. Security needs to be added to the Internet at all levels. Here we describe the role routing registries can play in helping to secure the Internet infrastructure.