An Operational Approach to Validate the Path of BGP
BGP (Border Gateway Protocol) is a fundamental component of the current Internet infrastructure. However, BGP is vulnerable to a variety of attacks, since it cannot ensure the authenticity of the path attributes announced by BGP routers. Despite several solutions have been proposed to address this vulnerability, none of them is operational in real-world due to their immense impact on original BGP. In this paper, we propose a Deployable Path Validation Authentication scheme, which can effectively validate the path of BGP. Through analysis and simulation we show that this scheme has little impact on the performance and memory usage for the original BGP, and can be adopted in practice as an operational approach.
KeywordsBGP security AS Internet
Unable to display preview. Download preview PDF.
- 1.Rekhter, Y., Li, T., Hares, S.: A Border Gateway Protocol 4 (BGP-4), RFC4271Google Scholar
- 2.Lynn, C., Seo, K.: Secure BGP (S-BGP), http://www.ir.bbn.com/sbgp/draft-clynn-s-bgp-protocol-01.txt
- 3.White, R.: Architecture and Deployment Considerations for Secure Origin BGP (soBGP), http://tools.ietf.org/html/draft-white-sobgp-architecture-01
- 4.Bates, T., Rekhter, Y., Chandra, R., Katz, D.: Multiprotocol Extensions for BGP-4, RFC 2858Google Scholar
- 5.Murphy, S.: BGP Security Vulnerabilities Analysis, RFC 4272Google Scholar
- 7.Hu, Y.-C., Perrig, A., Sirbu, M.: SPV: Secure Path Vector Routing for Securing BGP. In: SIGCOMM 2004, pp. 179–192. ACM Press (2004)Google Scholar
- 8.Achieve Optimal Routing and Reduce BGP Memory Consumption, http://www.cisco.com/warp/public/459/41.shtml