Abstract
The Border Gateway Protocol (BGP) is a critical component of the Internet routing infrastructure, used to distribute routing information between autonomous systems (ASes). It is highly vulnerable to a variety of malicious attacks and benign operator errors. Under DARPA sponsorship, BBN has developed a secure version of BGP (S-BGP) that addresses most of BGP’s architectural security problems. This paper reviews BGP vulnerabilities and their implications, derives security requirements based on the semantics of the protocol, and describes the S-BGP architecture. Refinements to the original S-BGP design, based on interactions with ISP operations personnel and further experience with a prototype implementation, are presented, including a heuristic for significantly improving performance. The paper concludes with a comparison of S-BGP to other proposed approaches.
Copyright information
© 2003 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kent, S.T. (2003). Securing the Border Gateway Protocol: A Status Update. In: Lioy, A., Mazzocchi, D. (eds) Communications and Multimedia Security. Advanced Techniques for Network and Data Protection. CMS 2003. Lecture Notes in Computer Science, vol 2828. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45184-6_4
DOI: https://doi.org/10.1007/978-3-540-45184-6_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20185-4
Online ISBN: 978-3-540-45184-6
eBook Packages: Springer Book Archive