Saturday, January 17, 2009

US Plots Major Upgrade to Internet Router Security

By Carolyn Duffy Marsan

The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications.

DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). (A separate federal effort is under way to bolster another Internet protocol, DNS, and it is called DNSSEC.)


Douglas Maughan, program manager for cybersecurity R&D in the DHS Science and Technology Directorate, says his department's spending on router security will rise from around $600,000 per year during the last three years to approximately $2.5 million per year starting in 2009.

"BGPSEC is going to take a couple of years to go through the process of development and prototypes and standardization," Maughan says. "We're really talking . . . four years out, if not longer, before we see deployment."

Experts hailed the move, saying BGP is one of the Internet's weakest links.

"The reason BGP problems are so serious is that they attack the Internet infrastructure, rather than particular hosts. This is why it is a DHS-type of problem," says Steve Bellovin, a professor of computer science at Columbia University who has worked with DHS on routing security.

BGP is "one of the largest threats on the Internet. It's incredible -- the insecurity of the routing system," says Danny McPherson, CSO at Arbor Networks. "Over the last 15 years, the security of the Internet routing system has done nothing but deteriorate."

McPherson says routing security has been a chicken-and-egg problem for the Internet engineering community.

"There doesn't exist a formally verifiable source for who owns what address space on the Internet, and absent that you can't really validate the routing system," McPherson says.

With its extra funding, DHS hopes to develop ways to authenticate IP address allocations as well as router announcements about how to reach blocks of IP addresses.

"The hijacking attempts that have gone on with routing are much more nefarious than the ones in the DNS," says Mark Kosters, CTO of the American Registry for Internet Numbers (ARIN), adding that DNS attacks tend to get more press. "People don't realize how open for attack the BGP structure is. The DHS effort is trying to close that all up."

BGP security targeted in 2003

The U.S. federal government first discussed the vulnerability of the Internet's routing system in its "National Strategy to Secure Cyberspace," which was issued in 2003. The Presidential directive identified two Internet protocols -- BGP and DNS -- that require modifications to make them more secure and robust.

Since then, the feds have made progress on adding authentication to DNS. Last fall, the U.S. federal government announced that it would adopt DNS security extensions known as DNSSEC across its .gov domain by the end of 2009. The feds also are exploring ways to deploy DNSSEC on the DNS root servers.

The federal push for DNSSEC gained momentum last summer after a significant DNS vulnerability was discovered. Security researcher Dan Kaminsky discovered a DNS bug that allows for cache poisoning attacks, with which a hacker redirects traffic from a legitimate Web site to a fake one without the user knowing.

DNSSEC prevents hackers from hijacking Web traffic by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

Now the feds are looking to add digital signatures and a public-key infrastructure to routing information, which is vulnerable to attack when it is shared between numbering registries, ISPs and enterprises.

New BGP security measures would prevent incidents such as when Pakistan Telecom blocked YouTube's traffic in February 2008.

Bellovin says most famous router-security breaches, including the Pakistan incident, were accidents.

"More and more of them, though, are malicious," Bellovin adds. "Every few weeks, there will be a posting to [the North American Network Operators Group] about some prefix hijacking."

DHS to fund multiple efforts

DHS is funding two key initiatives related to enhancing routing security: Resource Public Key Infrastructure (RPKI), which adds authentication to the delegation of IP address blocks by the registries to ISPs and enterprises; and BGPSEC, which adds digital signatures to BGP announcements. (Maughan says he's modeling the BGPSEC initiative after the agency's DNSSEC effort, which has involved the National Institute of Standards and Technology [NIST] and the Internet Engineering Task Force [IETF].)

With RPKI, the regional Internet registries are putting together a public key infrastructure to authorize IP address delegations from the Internet Assigned Numbers Authority (IANA) to the five regional Internet registries, including ARIN. Then the registries would authenticate the assignment of IP addresses and IP routing prefixes known as autonomous systems that are used by network operators.

"The idea here is that you'd like the delegation of address space to be secure or signed so it is not forgeable," Maughan says, adding that the RPKI initiative deals with the administrative side of IP address delegation. "The reason that's important is that when you start to do the routing protocol [security], you want the registry or registrar or ISP to be able within the protocol to authenticate that the address space they're claiming to have is theirs."

APNIC, the Asia Pacific registry, and the European registry RIPE NCC are running RPKI prototypes. ARIN plans to offer a beta RPKI service in the second quarter, Kosters says.

Production-quality RPKI deployment is "still a couple of years out," Kosters adds.

"By the end of this year, the four biggest [registries] will be offering certificates to their members at least as a managed service," says Stephen Kent, chief scientist for information security at BBN Technologies. "The next big issue is getting the big ISPs who are their members involved. . . . The good news is that what we're talking about here requires no router hardware or software changes. That's an important thing to make it viable for the ISPs."

Despite its promise, RPKI is controversial because it gives unprecedented operational authority to IANA and the regional Internet registries. For example, RPKI opens up the possibility that the registries could purposefully stop routing traffic to a particular block of IP addresses from a rogue nation such as Iran or North Korea.

"If you use RPKI with BGP [security], you're fundamentally changing the Internet infrastructure. You're going from a distributed, autonomously operated routing structure to one with a root and authoritative sources," McPherson says. "We're going to have to accept that trade-off to secure the routing infrastructure."

The next step is securing BGP so that routing announcements are authorized. BGP maintains a table of IP routing prefixes that shows how blocks of IP addresses can be reached. Today, there is no way in BGP to tell whether a route announcement is real or spoofed.

BGP is used by ISPs as well as enterprises that multihome their networks, which involves using more than one carrier for continuity of operations.

At issue is how to add digital signatures to BGP so that ISPs and enterprises can authenticate BGP updates and prevent man-in-the-middle attacks that allow someone to redirect BGP traffic.

"Every instance of routing hijacks that have happened over the last several years are proof that [securing BGP] needs to be done," Maughan says. "The way that the bad guys can do this is essentially advertise that they own the address space, and if people have no way to prove otherwise, then the protocol supports the hijack."

The Internet engineering community needs to develop a standard for securing BGP that involves as little cryptographic overhead as possible. The two existing proposals -- Secure BGP (S-BGP) by BBN's Kent and Secure Origin BGP (SoBGP) by Cisco -- haven't been deployed because they require routers to manage too many layers of digital certificates, experts say.

Maughan says DHS plans to fund research related to S-BGP and SoBGP as well as new standards work within the IETF.

"There hasn't been any new work in BGP security in a few years," Kent says, adding that he hopes to receive some of the new DHS funding. "DHS is attempting to re-initiate this work."

A secure routing infrastructure will require enterprises to operate a certificate authority function so that they can digitally sign and certify that they own a particular IP address block and have the authority to subdelegate it, outsource it or make some other decisions about how its traffic is routed.

What securing BGP does is that "when somebody sends out an update that they are now routing traffic for a particular autonomous system, you can validate that because those BGP updates will be signed," Maughan says.
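The two checks described in this section, sketched as an added example that is not part of the original article or of any project it names: a delegation chain from a root through a registry to an ISP must stay inside the address space each party was given, and a route announcement is then judged against the holder's origin authorization. All names, prefixes (documentation ranges) and AS numbers (documentation range) are constructed, and signature verification on each record is assumed to have already succeeded.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    issuer: str   # party that handed out the block (hypothetical name)
    holder: str   # party that received it
    prefix: str   # address block being delegated


@dataclass(frozen=True)
class OriginAuthorization:
    prefix: str      # block the holder is allowed to have announced
    max_length: int  # longest prefix length permitted inside that block
    asn: int         # autonomous system allowed to originate it


def chain_is_consistent(chain):
    """True if every delegation was issued by the previous holder and its
    block lies inside the block that holder was given."""
    for parent, child in zip(chain, chain[1:]):
        if child.issuer != parent.holder:
            return False
        child_net = ipaddress.ip_network(child.prefix)
        parent_net = ipaddress.ip_network(parent.prefix)
        if child_net.version != parent_net.version:
            return False
        if not child_net.subnet_of(parent_net):
            return False
    return True


def validate_origin(prefix, origin_asn, auths):
    """Classify an announcement as 'valid', 'invalid' or 'not-found',
    the three outcomes later standardized for origin validation (RFC 6811)."""
    announced = ipaddress.ip_network(prefix)
    covered = False
    for auth in auths:
        net = ipaddress.ip_network(auth.prefix)
        if announced.version != net.version or not announced.subnet_of(net):
            continue  # this authorization says nothing about the prefix
        covered = True
        if auth.asn == origin_asn and announced.prefixlen <= auth.max_length:
            return "valid"
    # Covered by an authorization but no match: wrong origin or too specific.
    return "invalid" if covered else "not-found"


# Constructed sample data: root -> registry -> ISP.
GOOD_CHAIN = [
    Delegation("root", "root", "203.0.113.0/24"),
    Delegation("root", "registry", "203.0.113.0/25"),
    Delegation("registry", "isp-a", "203.0.113.0/26"),
]
# The ISP claims space the registry was never given.
BAD_CHAIN = GOOD_CHAIN[:2] + [Delegation("registry", "isp-a", "203.0.113.128/26")]

AUTHS = [OriginAuthorization("203.0.113.0/26", 26, 64500)]

if __name__ == "__main__":
    print("good chain:", chain_is_consistent(GOOD_CHAIN))
    print("bad chain: ", chain_is_consistent(BAD_CHAIN))
    for pfx, asn in [("203.0.113.0/26", 64500), ("203.0.113.0/26", 64511),
                     ("203.0.113.0/27", 64500), ("198.51.100.0/24", 64500)]:
        print(pfx, "AS%d" % asn, "->", validate_origin(pfx, asn, AUTHS))
```

The "not-found" result is the state all announcements are in today according to the article: with no authorization on record, a receiver has nothing to check the claim against.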

Major BGP attack needed?

Despite the federal efforts, some experts say the Internet engineering community needs a massive threat akin to the Kaminsky DNS bug before it will take action to secure BGP and the rest of the routing infrastructure.

"The real barrier to securing BGP is that we just haven't had a serious enough attack," Maughan says. "If people start losing significant money because there's some type of attack on the routing infrastructure, I think you'll see a whole lot more interest."

At last August's DEFCON show, a pair of security researchers detailed a BGP exploit that would allow an attacker to eavesdrop on unencrypted Internet traffic by tricking routers into re-directing traffic to the attacker's network. However, this type of BGP eavesdropping incident is rare.

"The most sophisticated attacks as was demonstrated at DEFCON are things that probably are not occurring very frequently because the bad guys have easier ways to accomplish what they are trying to do," Kent says.

The new BGPSEC funding falls under DHS’ Secure Protocols for Routing Infrastructure program. Maughan says the agency received an additional $12.5 million appropriation for cybersecurity R&D in the federal 2009 budget, and between $2 million and $3 million of that money will go to improving router security.

U.S. War College member insists Islam does not "promote kidnappings, beheadings and other unlicensed hostile actions"

from Jihad Watch

After posting a report regarding the U.S. Army War College's failure to examine Islam's war doctrines, including a faculty member's (Sherifa Zuhur's) assertions that Hamas has been "villainized" by the media, I received several e-mails from concerned people questioning Ms. Zuhur's "credentials" -- some alluded to her sincerity and intentions, or lack thereof -- to teach at the War College. One e-mail sent the following, rather telling, response made by Zuhur, after being asked to, "Tell us about your recent monographs on Islamic Rulings on Warfare and on Saudi Arabia":

I wrote Islamic Rulings on Warfare with my co-author Youssef Aboul-Enein to counteract the idea that Islam promotes kidnappings, beheadings and other unlicensed hostile actions as a matter of course.

We explored the literature on jihad and other forms of fighting, their ethical and tactical aspects, how these appear in modernist, revisionist views and are manipulated by extremists. My monograph, Saudi Arabia: Islamic Threat, Political Reform, and the Global War on Terror, examines the factors leading up to calls for political reform in the Kingdom, and the campaign against al-Qa`ida fi Jazirat al-`Arabiyyah which has been operating there. I call into question the grand strategy of the global war on terror, but conclude that its recommendation of increasing freedom and political participation has value.

Interesting. One must wonder, however, about some of her blanket assertions: Islam does not "promote" kidnappings? What about the inconvenient fact that the founder of Islam, Muhammad, whose sunna, or "example," must be literally adhered, regularly kidnapped people -- particularly women? As Serge Trifkovic reminds us:

Having established himself as the ruler of Medina, Muhammad attacked the Jewish tribe of Banu-‘l-Mustaliq in December of A.D. 626. His followers slaughtered many Jewish tribesmen and looted thousands of their camels and sheep. They also kidnapped 500 of their women. The night after the battle Muhammad and his brigands staged an orgy of rape. As one of the brigands, Abu Sa’id Khudri, later remembered, a legal problem needed to be resolved first: In order to obtain ransom from the surviving Jews for the captive women, Muslims had pledged not to violate them:

We were lusting after women and chastity had become too hard for us, but we wanted to get the ransom money for our prisoners. So we wanted to use the Azl [coitus interruptus]. We asked the Prophet about it and he said: "You are not under any obligation not to do it like that [contained in Sahih Bukhari, second only to the Koran in authority]."

More to the point, Koran 4:3 legitimizes forceful concubinage -- that is, forcefully kidnapping women and making them sex-slaves -- slaves who are counted as animals at that.

As for beheadings, perhaps Zuhur is not familiar with Koranic verses 5:33, 8:12, and 47:4 -- all of which sanction beheading the infidel? Koran 47:4 simply states “Therefore, when ye meet the infidels, strike off their heads; then when you have made wide slaughter among them, carefully tie up the remaining captives."

As for "other unlicensed hostile action," where does one begin? Here's one: Muhammad had assassins go to the home of a matron figure named Umm Qirfa, tie each of her legs to a different camel, and then drive the camels in separate directions until the old woman was split asunder (see Ibn Ishaq and al-Tabari). He also ordered the assassination of an old poet, and legitimized lying and deception to do so -- whence the famous Islamic maxim, "War is Deceit."

One therefore has no choice but to conclude that Ms Zuhur is being either disingenuous (taqiyya/kitman) or ignorant (sign of the times), or blindly utopian (typical academic) or all of the above -- either way, not fit to instruct post-9/11 America's forthcoming guardians. It's bad enough that this sort of fluff counts as "authoritative" around government types; but that it has also come to permeate one of the last bastions of American security, the U.S. Army War College -- just consider its name -- is beyond ominous.

Obama Supporters Desecrate US Flag

from the Gateway Pundit

The official flag of The Obama States of America was on display today in Baltimore:

Inside Charm City posted this on the US Flag Code: “The flag should never have placed upon it, nor on any part of it, nor attached to it any mark, insignia, letter, word, figure, design, picture, or drawing of any nature.”

Obama also announced his permanent campaign, Organizing for America, today to push his agenda on America. This sounds like an offshoot of his Marxist Youth Corps that he talked about back in November.

It's moves like this that may explain the sudden surge in firearm sales after the November election.

Obama promised to bring the country "a new Declaration of Independence" -- free from small thinking, prejudice and bigotry.

Hail King Obama: President for life

As Inauguration Day approaches and Barack Obama prepares to assume his first term as president, some in Congress are hoping to make it possible for the Democrat to not only seek a second term in office, but a third and fourth as well.

The U.S. House Committee on the Judiciary is considering a bill that would repeal the Constitution's 22nd Amendment prohibiting a president from being elected to more than two terms in office.....

Fresh Clues of Iranian Nuclear Intrigue

WASHINGTON -- U.S. security and law-enforcement officials say they have fresh evidence of recent efforts by Iran to evade sanctions and acquire metals from China used in high-tech weaponry, including long-range nuclear missiles.

Iran's efforts are detailed in a series of recent emails and letters between Iranian companies and foreign suppliers seen by The Wall Street Journal. Business records show one Iranian company, ABAN Commercial & Industrial Ltd., has contracted through an intermediary for more than 30,000 kilograms (about 66,000 pounds) of tungsten copper -- which can be used in missile guidance systems -- from Advanced Technology & Materials Co. Ltd. of Beijing. One March 2008 email between the firms mentions shipping 215 ingots, with more planned.

The United Arab Emirates has informed the U.S. that in September it intercepted a Chinese shipment headed to Iran of specialized aluminum sheets that can be used to make ballistic missiles. A month earlier, UAE officials also intercepted an Iran-bound shipment of titanium sheets that can be used in long-range missiles, according to a recent letter to the U.S. Commerce Department from the UAE's Washington ambassador.

Evidence of Iran's efforts to acquire sensitive materials also is emerging from investigations by state and federal prosecutors in New York into whether a number of major Western banks illegally handled funds for Iran and deliberately hid Iranian transactions routed through the U.S. One focus of the inquiries is the role of Italy, including the Rome branch of Iran's Bank Sepah and Italy's Banca Intesa Sanpaolo Spa. Banca Intesa said it is cooperating in the inquiries.

The developments could present President-elect Barack Obama with an early test in responding to what many Washington security officials now say is a rapidly growing threat to the region, including U.S. allies Israel and Saudi Arabia.

All of the high-performance metals Iran has been acquiring also have industrial uses such as commercial aviation and manufacturing, making it difficult for intelligence agencies to be absolutely certain how the materials are being used. "We can't say we know it would, or would not, be used for military purposes," said proliferation expert Gary Milholland of the nonprofit Wisconsin Project on Nuclear Arms Control, noting that broad economic sanctions on Tehran led by the U.S. mean Iran has to go to unusual lengths to find high-grade materials for industrial use as well as weapons.

Still, he added, "There doesn't seem to be any real doubt or debate whether Iran is going for the bomb or whether Iran is using front companies to import things. Everyone agrees on that around the world."

Officials at the International Atomic Energy Agency said they believe Iran could have enough fissile material for an atomic weapon sometime this year, though it would need to be further processed into weapons-grade uranium. That assessment was echoed Thursday by Central Intelligence Agency Director Michael V. Hayden. U.S. and European governments have grown increasingly alarmed in recent months at the speed they believe Iran is developing ballistic-missile and nuclear capabilities. Last year the United Nations Security Council, which includes China, formally imposed sanctions on Iran's military and most of its banks for nuclear proliferation activities.

A spokesman for Iran at its U.N. mission in New York declined to comment. China "has been strictly implementing" U.N. proliferation sanctions on Iran, said a spokesman for the Chinese foreign ministry in Beijing. The export of restricted items such as high-grade metals, which include specialized aluminum and titanium, is prohibited, he added.

The patchwork of proliferation agreements doesn't cover certain materials. Sales to Iran of a powdered form of tungsten copper are prohibited by a nonproliferation accord China has agreed to adhere to, but documents about Iran's tungsten copper purchases refer to ingots, which aren't banned in the agreement though they can be used to make missiles. High-grade tungsten copper alloy withstands ultrahigh temperatures and thus can be used in the fins of long-range missiles to greatly enhance their accuracy, according to proliferation experts.

George Perkovich of the pro-disarmament Carnegie Endowment for International Peace said use of the ingots may be an attempt to legally circumvent the restrictions. Chinese merchants, he said, "take a legalistic approach to whether it is prohibited under the treaties," while on the Iranian side, "if there's a problem where somebody's not supposed to sell them stuff, their view is, 'that's the sellers' problem.'"

Because of economic sanctions and the small size of Iranian banks, the banks have long relied on big European multinational banks to finance their international trade and wire transfers. Many of those transfers flowed through New York City.

Documents detailing Iran's metals acquisition efforts are being reviewed by U.S. law-enforcement and intelligence officials, people involved in the matter said. Manhattan District Attorney Robert Morgenthau said he is conducting a broad inquiry into illegal transactions by Iran. Last week, Lloyds TSB of London agreed to pay $350 million to settle U.S. sanctions-busting charges with Mr. Morgenthau's office and the Justice Department. The bank admitted it violated U.S. law but said the practice has ceased.

"There are nine other banks that we think were doing this," said Mr. Morgenthau in an interview, including Barclays PLC of the U.K. A Barclays spokesman had no comment beyond a prior disclosure confirming the inquiry. Other banks under scrutiny in the probe include Credit Suisse and Deutsche Bank, people with knowledge of the inquiries said. Credit Suisse "is cooperating with the New York County District Attorney's Office, the U.S. Department of Justice and other governmental authorities," the bank said in a statement. A Deutsche Bank spokesman declined to comment.

ABAN Commercial & Industrial Ltd. had accounts at the Rome branch of Iran's government-owned Bank Sepah, records show. Bank Sepah has longstanding ties to Banca Intesa, although no evidence has surfaced to date showing that Banca Intesa facilitated illegal acquisitions of sensitive materials by ABAN, people with knowledge of the matter said.

ABAN is run by two top officials of Iran's Aviation Industries Organization, the documents show. That agency is already under U.S. and U.N. sanctions. Efforts to contact the firm by phone and fax for comment were unsuccessful.

An Oct. 14, 2007, invoice says ABAN contracted for 30,900 kilograms of tungsten copper alloy from a firm in China in exchange for €2.1 million ($2.8 million). Additional orders were made in 2008, according to a March 27, 2008, email to ABAN from Advanced Technology & Materials Co. "I was very happy talking to you on the phone," an AT&M executive told an executive at ABAN in the email. "By now we had sent 215 pieces" of tungsten copper, he added.

ABAN didn't respond to requests for comment. Dan Hong, a lawyer for AT&M, said in an email that AT&M received warnings several months ago of allegations "that we have business dealings with Iran." But he said the firm has never heard of ABAN. "AT&M never signed any contracts with and exported to Iran" the specialized metal, he added. "We checked our business records carefully."

Records show AT&M supplied the tungsten copper to an intermediary firm called Liaoning Industry & Trade Co. Ltd. That firm couldn't be reached for comment.

Another document reviewed by the Journal is a Jan. 10, 2007, message from an executive at a Chinese metals company to Shahid Sayyadi Shirazi Industries of Iran, regarding the impact of U.S. banking sanctions on payment for a shipment of unknown material. Marked "Top Urgent!" the letter observes that the payment was arranged through Bank Sepah.

The Chinese executives "are worrying the payment may be blocked by USA or UK government through their bank/treasury system," states the letter, from an executive other business records show had shipped tungsten copper to Iran. "You are kindly required to consider the matter and check carefully and seriously with Bank Sepah if the payment can be effected safely under the current situation."

Bank Sepah has denied financing illicit weapons programs. Shahid Sayyad Shirazi Industries is part of Iran's Ammunition Industries Group, according to the Wisconsin Project on Nuclear Arms Control, and has been under U.N. sanctions since March 24, 2007. Efforts to contact the firm for comment were unsuccessful.

—Sabrina Cohen and Siobhan Gorman contributed to this article.