Skip to main content
SpringerLink
Log in
Book cover

European Public Key Infrastructure Workshop

EuroPKI 2006: Public Key Infrastructure pp 116–129Cite as

An Infrastructure Supporting Secure Internet Routing

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 4043)

Abstract

The Border Gateway Protocol (BGP) [1] is the foundation of inter-domain Internet routing. A number of papers have described how BGP is highly vulnerable to a wide range of attacks [2, 3], and several proposals have been offered to secure BGP [4, 5, 6, 7, 8]. Most of these proposed mechanisms rely on a PKI, to provide trusted inputs for routing security mechanisms, to enable BGP routers to reject bogus routing advertisements. This paper provides a detailed proposal for a PKI, including a repository system, representing IP address allocation and Autonomous System number assignment,. This infrastructure offers a near term opportunity to improve routing security, since it does not require changes to routers, while also setting the stage for more comprehensive BGP security initiatives in the future.

Keywords

  • Address Space
  • Border Gateway Protocol
  • Validity Interval
  • Address Allocation
  • Address Block

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (Canada)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Rekhter, Y., Li, T.: A Border Gateway Protocol 4 (BGP-4), RFC 4271 (2006)

    Google Scholar 

  2. Murphy, S.: BGP Security Vulnerabilities Analysis. RFC 4272 (2006)

    Google Scholar 

  3. Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18(4), 582–592 (2000)

    CrossRef  Google Scholar 

  4. Goodell, G., Aiello, W., Griffin, T., Ioannidis, J., McDaniel, P., Rubin, A.: Working Around BGP: An Incremental Approach to Improving Security and Accuracy for Interdomain Routing. In: Network and Distributed System Security Symposium, pp. 75–85 (2003)

    Google Scholar 

  5. Hu, Y.-C., Perrig, A., Johnson, D.: Efficient Security Mechanisms for Routing Protocols. In: Network and Distributed System Security Symposium, pp. 57–73 (2003)

    Google Scholar 

  6. Wan, T., Kranakis, E., van Oorschot, P.C.: Pretty Secure BGP (psBGP). In: Network and Distributed System Security Symposium (2005)

    Google Scholar 

  7. Kent, S.: Securing BGP: S-BGP. The Internet Protocol Journal 6(3), 2–14 (2003)

    Google Scholar 

  8. White, R.: Securing BGP: soBGP. The Internet Protocol Journal 6(3), 15–22 (2003)

    Google Scholar 

  9. Seo, K., Lynn, C., Kent, S.: Public-Key Infrastructure for the Secure Border Gateway Protocol (S-BGP). In: DARPA Information Survivability Conference and Exposition (2001)

    Google Scholar 

  10. Recommendation for Key Management - Part 1: General, NIST Special Publication, 800-857 (2005)

    Google Scholar 

  11. Arkko, J., et al.: SEcure Neighbor Discovery (SEND). RFC 3971 (2005)

    Google Scholar 

  12. Chokhani, S., Ford, W., Sabett, R., Merrill, C., Wu, S.: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, RFC 3647 (2003)

    Google Scholar 

  13. Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure – Certificate and Certificate Revocation List (CRL) Profile, RFC 3280 (2002)

    Google Scholar 

  14. Lynn, C., Kent, S., Seo, K.: X.509 Extensions for IP Addresses and AS Identifiers, RFC 3779 (2004)

    Google Scholar 

  15. FIPS Federal Information Processing Standards Publication 140-2 (FIPS PUB 140-2), Security Requirements for Cryptographic Modules, Information Technology Laboratory, National Institute of Standards and Technology (2001)

    Google Scholar 

  16. Hodges, J., Morgan, R.: Lightweight Directory Access Protocol (v3): Technical Specification. RFC 3377 (2002)

    Google Scholar 

  17. Zhao, M., Smith, S., Nicol, D.: The Performance Impact of BGP Security. IEEE Network 19(5), 42–48 (2005)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. BBN Technologies, Cambridge, MA, 02138, USA

    Stephen Kent

Authors
  1. Stephen Kent
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dip. di Automatica ed Informatica, Politecnico di Torino, Corso Duca degli Abruzzi, 24, 10129, Turin, Italy

    Andrea S. Atzeni

  2. Dip. Di Automatica e Informatica, Politecnico di Torino, Corso Duca degli Abruzzi 24, 10129, Torino, Italy

    Antonio Lioy

Rights and permissions

Reprints and Permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kent, S. (2006). An Infrastructure Supporting Secure Internet Routing. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_10

Download citation

  • DOI: https://doi.org/10.1007/11774716_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35151-1

  • Online ISBN: 978-3-540-35152-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

search

Navigation