We are pleased to announce that our alumnus, Manav Bhatia (Electrical 2000), has been named one of the top 18 Indian Innovators under the age of 35 (TR35) by MIT's Technology Review India magazine for the year 2011. The award recognizes his work on the security of Internet routing protocols.
2011 Young Innovators Under 35
Manav Bhatia, 32
Securing the Internet service provider’s routing network
PROTECTING THE INTERNET: Manav Bhatia is working towards making enterprise and Internet routing networks more secure.
Routing in the Internet is a very complex task, and routing protocols play the key role in ensuring that the Internet works in a sane way. Manav Bhatia's security and authentication algorithms make these routing protocols more secure and less susceptible to attacks such as Denial of Service (DoS) or traffic redirection, so that data transfers happen seamlessly over the Internet.
Having spent a considerable amount of time studying and working on routing protocols, Manav started noticing that they were not as secure as they had always been thought to be. He looked closely at how these protocols used their cryptographic authentication mechanisms and found vulnerabilities in almost all the popular protocols deployed in service provider and enterprise networks. Manav worked on the mechanisms defined by the Internet Engineering Task Force (IETF) standards and fixed the vulnerabilities. The IETF is a global community of network designers, operators, and researchers responsible for producing the technical specifications that govern the evolution of the Internet architecture and the smooth operation of the Internet. These standards are called Requests for Comments (RFCs). Bhatia has worked on several such standards for the authentication and security of data, and his standards have been adopted by the IETF and by various router vendors.
A new working group, called KARP (keying and authentication for routing protocols), has been formed in IETF that aims to develop new standards for securing the routing packets as they transit a network. Manav is the co-author of two base documents that define how the work in KARP must be carried out.
He has published several standards, such as RFC 6039, which describes potential threats and how attackers could harm networks despite cryptographic authentication mechanisms being in place. RFC 5840 explains how firewalls can inspect the data that passes through them. RFC 5310 defines a new way to authenticate IS-IS (Intermediate System to Intermediate System) packets, and RFC 5709 provides a stronger way to protect OSPF packets.
"Manav has been instrumental in driving the standards for securing the routing protocols (OSPF and IS-IS) that the service providers and enterprises depend upon. IETF is now working on fixing the issues that were found by Manav and he is spearheading that effort in different IETF working groups," says Srini Sundarajan, head of Alcatel-Lucent R&D Center in Bangalore.
Manav's innovation of introducing a Key ID in IS-IS helps operators maintain key agility, so that an attacker cannot discover the key in use. The challenge is to change the security keys without disturbing the routing session, so that the adjacency does not bounce. Another challenge was to secure the IP header without resorting to a tunnelling mechanism, in which the original IP packet is carried inside another IP packet. Manav made this possible by including the important parts of the IP header in the cryptographic computation that both the sender and the receiver perform on a routing protocol packet.
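As an added illustration, not code from this page or from the RFCs it names, the Python below sketches the two ideas in the paragraph above: a Key ID carried alongside the digest, so that a receiver holding several installed keys knows which one to verify with during a rollover, and immutable IP header fields mixed into the HMAC, so that a packet replayed from a different source address fails verification. The key table, the field layout of the authentication data, the choice of source and destination address as the bound header fields, and the PDU bytes are all constructed for this example and do not follow any RFC wire format.

```python
"""Key-ID based authentication of a routing PDU with IP header fields bound
into the digest.  Constructed illustration; field layout, key table and
addresses are assumptions, not the RFC 5310 / RFC 5709 formats."""
import hashlib
import hmac
import ipaddress
import struct

# Constructed key table: key_id -> (shared secret, HMAC hash name).
# Holding two keys at once is what lets an operator roll from key 1 to key 2
# without ever failing authentication on the adjacency.
KEYS = {
    1: (b"old-shared-secret", "sha256"),
    2: (b"new-shared-secret", "sha256"),
}

KEY_ID_LEN = 2  # Key ID carried as an unsigned 16-bit field (assumption)


def ip_fields(src, dst):
    """Immutable IP header fields bound into the digest.  Assumption: source
    and destination addresses; mutable fields such as TTL and checksum are
    deliberately left out so they can change in transit."""
    return ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed


def sign_pdu(pdu, key_id, src, dst):
    """Return key_id || HMAC || pdu.  The digest covers the bound IP fields,
    the Key ID and the PDU body, so none of them can change unnoticed."""
    secret, alg = KEYS[key_id]
    kid = struct.pack("!H", key_id)
    tag = hmac.new(secret, ip_fields(src, dst) + kid + pdu, alg).digest()
    return kid + tag + pdu


def verify_pdu(packet, src, dst):
    """Return the PDU body if the digest verifies under the key named by the
    Key ID, else None.  The receiver never guesses among keys: the Key ID
    selects one, and an unknown ID is rejected outright."""
    kid = packet[:KEY_ID_LEN]
    key_id = struct.unpack("!H", kid)[0]
    entry = KEYS.get(key_id)
    if entry is None:
        return None
    secret, alg = entry
    digest_len = hashlib.new(alg).digest_size
    tag = packet[KEY_ID_LEN:KEY_ID_LEN + digest_len]
    pdu = packet[KEY_ID_LEN + digest_len:]
    expected = hmac.new(secret, ip_fields(src, dst) + kid + pdu, alg).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return pdu


def rollover_scenario():
    """Walk through a key rollover and a few failure cases.  Returns a dict
    of outcomes so the results can be inspected or tested."""
    src, dst = "192.0.2.1", "192.0.2.2"            # constructed (documentation range)
    hello = b"HELLO router-id=192.0.2.1 area=0"    # constructed PDU body
    out = {}

    # Sender still on key 1; receiver has both keys installed.
    p1 = sign_pdu(hello, 1, src, dst)
    out["old_key_accepted"] = verify_pdu(p1, src, dst) == hello

    # Sender switches to key 2; no change needed on the receiver, so the
    # adjacency never bounces.
    p2 = sign_pdu(hello, 2, src, dst)
    out["new_key_accepted"] = verify_pdu(p2, src, dst) == hello

    # Same bytes re-injected from another address: the source address is
    # part of the digest, so verification fails without any tunnelling.
    out["spoofed_source_rejected"] = verify_pdu(p2, "198.51.100.7", dst) is None

    # One byte of the PDU body flipped in transit.
    tampered = p2[:-1] + bytes([p2[-1] ^ 0x01])
    out["tampered_rejected"] = verify_pdu(tampered, src, dst) is None

    # Key ID rewritten to one the receiver does not hold.
    unknown = struct.pack("!H", 9) + p2[KEY_ID_LEN:]
    out["unknown_key_rejected"] = verify_pdu(unknown, src, dst) is None
    return out


if __name__ == "__main__":
    for name, ok in rollover_scenario().items():
        print(f"{name}: {ok}")
```

The receiver keeps the old key installed until every neighbour has moved to the new one, then removes it; because the Key ID names the key explicitly, neither side has to guess, and a packet authenticated under a key that is no longer installed is simply dropped.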
"He is one of the primary contributors to the KARP working group where he has been innovating on solving some of the toughest problems of securing the routing protocols," adds Sundarajan. Most of Manav's work has been published as standards (RFCs) that router vendors around the world support in their implementations. These extensions are now available in the market and are being deployed and used by service providers and enterprises.
For Chronicle, Yogesh K. Upadhyaya puts some questions to Manav Bhatia:
Q-1: Manav, congratulations on the award. What is this award about?
Technology Review is an MIT publication that honors the young innovators whose inventions and research they find most exciting. The idea is to choose young innovators who they believe are transforming technology. Today that collection is the TR35, a list of technologists and scientists, all under the age of 35. Their work spans medicine, computing, communications, electronics, nanotechnology, energy and more.
This is the second year when they have done this specifically for India where they try to ferret out young innovators in the country. The 24-member jury has chosen 18 winners this time who they believe exemplify the spirit of innovation in business and technology.
You can find details of the TR35 program here: http://www.technologyreview.com/tr35/faq.aspx
I have been recognized with this award for my contribution to developing IETF standards for securing the Internet routing infrastructure in provider and enterprise networks.
Q-2: Can you describe your research work and how it helps?
IETF defines standards to secure the routing protocols that run in the service provider and the enterprise networks. People thought that their networks were secure as long as they used the security and authentication mechanisms defined in those standards. I worked on these mechanisms and found flaws in almost all the routing protocol security mechanisms that were employed; this work was published as RFC 6039. Around the same time there were other people asking the same question – Are our routing and signaling protocols really secure against attacks? I worked on OSPF and IS-IS and published standards (RFC 5709 and RFC 5310) that improved the security properties of these protocols. I am currently leading the effort on overhauling the security mechanisms of all these protocols within IETF.
An attack on the routing infrastructure can be done for internet traffic redirection. In this attack, the adversary is able to redirect traffic, enabling the attacker to modify the traffic in transit or simply sniff the packets before they reach the final destination.
The method conceivably could be used for corporate espionage, nation-state spying or even by intelligence agencies looking to mine internet data without needing the cooperation of ISPs.
An attack in the routing infrastructure can cause data traffic to follow a path other than one that would have been computed by the routing protocol if it were operating properly (i.e., if it were not under attack). As a result of an attack, a route may terminate at a router other than the one that legitimately represents the destination address of the traffic, or it may traverse routers other than those that it would otherwise have traversed. In either case, this allows an attacker to wiretap the traffic passively, or to engage in man-in-the-middle active attacks, including discarding traffic.
As a result of the work that I have done the provider network becomes more secure and less vulnerable to attacks.
Q-3: Please tell us about yourself.
I work in the IP Division of Alcatel-Lucent. I am the IP/MPLS architect of the 7210 SAS series of routers that we have built from scratch out of the Bangalore R&D center.
I love cycling and long distance running and have participated in several marathons and duathlons conducted in and around Bangalore. I realized some time back that, given the Bangalore traffic, it would take me the same amount of time whether I cycled or drove to work. Ever since then I have tried to cycle to work as much as possible and encourage others to follow suit.
I was the vocalist of the band “Chain Reaction” in IT-BHU and the Western Music Secretary in the final year. I still listen to classic Rock and still get high on Floyd, Doors and Rush! Old habits die hard, eh?
Institute of Technology, Banaras Hindu University
Varanasi 221005, UP