"BGP has no native way to verify that a network claiming to own a block of addresses actually does. Route hijacks reroute traffic through hostile networks. Route leaks knock services offline. Nation-state cyber crews weaponize BGP to intercept communications at scale. These are not theoretical threats. They are documented, recurring events, and they remain possible today."
"A series of patches and extensions like Resource Public Key Infrastructure (RPKI), BGPsec, and RPKI-based Route Origin Authorization (ROA) have been layered over the original protocol in an attempt to address the worst of these vulnerabilities. They help at the margins. They do not solve the underlying problem."
"SCION, which stands for Scalability, Control, and Isolation On Next-Generation Networks, is an internet routing architecture developed at ETH Zürich. Unlike the patches applied to BGP, SCION does not attempt to retrofit security onto a 40-year-old foundation. It replaces the foundation entirely."
BGP was designed for functionality and scale rather than security, enabling four decades of exploitation through route hijacks, leaks, and nation-state interception. Patches like RPKI and BGPsec address marginal vulnerabilities but cannot solve the fundamental problem: BGP cannot verify that networks actually own their address blocks. SCION, developed at ETH Zürich by Adrian Perrig, represents a fundamentally different approach. Rather than retrofitting security onto the aging protocol, SCION replaces BGP's entire foundation with a new internet routing architecture designed with security as a core principle from inception.
#bgp-security-vulnerabilities #internet-routing-architecture #scion-protocol #cybersecurity-infrastructure #route-hijacking-and-leaks
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]