Affiliation:
1. Carleton University, Ottawa, Canada
Abstract
It is well known that the Border Gateway Protocol (BGP), the IETF standard interdomain routing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large-scale service disruption. In this paper, we present
Pretty Secure BGP (psBGP)
---a proposal for securing BGP, including an architectural overview, design details for significant aspects, and preliminary security and operational analysis. psBGP differs from other security proposals (e.g., S-BGP and soBGP) in that it makes use of a single-level PKI for AS number authentication, a decentralized trust model for verifying the propriety of IP prefix origin, and a rating-based stepwise approach for AS_PATH (integrity) verification. psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operation, e.g., using a PKI with a simple structure, with a small number of certificate types, and of manageable size. psBGP is designed to successfully defend against various (nonmalicious and malicious) threats from uncoordinated BGP speakers, and to be incrementally deployed with incremental benefits.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference57 articles.
1. Adams C. and Lloyd S. 2003. Understanding Public-Key Infrastructure 2nd Ed. Addison-Wesley Reading MA. Adams C. and Lloyd S. 2003. Understanding Public-Key Infrastructure 2nd Ed. Addison-Wesley Reading MA.
2. Origin authentication in interdomain routing
3. Barbir A. Murphy S. and Yang Y. 2004. Generic threats to routing protocols. Internet Draft. Barbir A. Murphy S. and Yang Y. 2004. Generic threats to routing protocols. Internet Draft.
4. Security problems in the TCP/IP protocol suite
5. A Look Back at "Security Problems in the TCP/IP Protocol Suite"
Cited by
55 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献