By: Diane Stirling
(315) 443-8975

A planned study of vulnerabilities in the Internet’s Border Gateway Protocol by School of Information Studies (iSchool) Professor Milton Mueller and postdoctoral researcher Dr. Brenden Kuerbis has received a National Science Foundation-funded award.

The $338,664 grant is supporting the project, “Beyond Technical Solutions: Understanding The Role of Governance Structures in Internet Routing Security,” to be conducted over the next two years.

The research is unique because it examines the issue of protocol security from the social science aspects of how data moves around the Internet, rather than from a technical stance, as other researchers have done, according to Dr. Mueller. The study also bridges a gap between computer science knowledge of Internet routing and social science theories of organization and networked governance.

The Border Gateway Protocol is a critically important technology for routing Internet data from its origins to its destinations, according to Dr. Mueller, and the researchers will examine the various kinds of filters or mechanisms internet service providers have used for “what were they doing, what they decide, who to trust, and who not to listen to among other internet service providers when they’re moving these packets around.” How those decisions are made “is not purely a technical process,” he said.

“People have looked in very technical ways at this problem, and have tried to set up various technical securities, but they haven’t looked at the organizational processes. That’s where the rubber hits the road. Even if you have the right technology, if you implement in an inefficient or flawed way, you may not be any better off than you are before,” he explained. “Vulnerabilities in the Border Gateway Protocol have caused and could continue to cause serious cybersecurity issues.”

The professor said the research team is expecting to have results fairly quickly “that will let us find out some interesting things about the role of internet service provider practices” and that “perhaps in a year or two, we might have some insights that may change the way people think about some of these problems.”

The interdisciplinary research methods being employed for the study combine data sets from computer science that quantify the number of routing security incidents with network analysis techniques and the insights of institutional economics. Quantitative and qualitative methods will be used to assess the relationship between routing security incidents and the governance structures among ISPs that affect routing. The research also tests whether deployment of new routing security technologies actually affects the quantity and severity of routing incidents. The researchers will be collecting multiple data sources on routing incidents and plan to disseminate that data, as well as their research results, to a broad constituency of academics, policy makers, network operators, consultancies, and advocacy groups.

Dr. Mueller has played a leading role in organizing and mobilizing civil society in the Internet Corporation for Assigned Names and Numbers (ICANN) and the Organisation for Economic Co-operation and Development (OECD). He also serves as chair of the Scientific Committee of the Internet Governance Project (and was one of IGP’s founders) and as chair of the Steering Committee of the Global Internet Governance Academic Network (GigaNet). At the iSchool, he is on the governing board of the Center for Convergence and Emerging Network Technologies (CCENT). He is currently doing research on IP addressing policy, the policy implications of Deep Packet Inspection technology, and the security governance practices of Internet service providers.

Kuerbis is a research consultant at the Internet Governance Project. A former fellow in Internet security governance at the Citizen Lab, Munk School of Global Affairs, University of Toronto, Kuerbis researches security standards for the Internet, ICANN, the emerging market in IPv4 addresses, domain name system security (DNSSEC), and the intersection of nation-state cybersecurity concerns with forms of Internet governance.