Skip to main content

Advertisement

SpringerLink
Log in
Menu
Find a journal Publish with us
Search
Cart
Book cover

International Conference on Research in Networking

NETWORKING 2012: NETWORKING 2012 pp 259–273Cite as

  1. Home
  2. NETWORKING 2012
  3. Conference paper
Sign What You Really Care about – Secure BGP AS Paths Efficiently

Sign What You Really Care about – Secure BGP AS Paths Efficiently

  • Yang Xiang20,22,
  • Zhiliang Wang21,22,
  • Jianping Wu20,21,22,
  • Xingang Shi21,22 &
  • …
  • Xia Yin20,22 
  • Conference paper
  • 1622 Accesses

Part of the Lecture Notes in Computer Science book series (LNCCN,volume 7289)

Abstract

The inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system, but forged routes generated by malicious attacks or mis-configurations may devastate the system. The security problem of BGP has attracted considerable attention, and although several solutions have been proposed, none of them have been widely deployed due to weaknesses such as high computational cost or potential security compromise. This paper proposes Fast Secure BGP (FS-BGP), an efficient mechanism for securing AS paths and preventing prefix hijacking by signing critical AS path segments. We prove that FS-BGP can achieve a similar level of security as S-BGP, but with much higher efficiency. Our experiments use BGP UPDATE data collected from real backbone routers. Compared with S-BGP, FS-BGP only requires a very small cache, and can reduce the cost of signing and verification by orders of magnitude. Indeed, the signing and verification can be accomplished as fast as the most bursty BGP UPDATE arrivals, which implies that FS-BGP will hardly delay the propagation of routing information.

Keywords

  • Inter-Domain Routing
  • BGP
  • Prefix Hijacking
  • Security

This work is supported by (1) the National Key Technology R&D Program of China under Grant No. 2008BAH37B03, and (2) the National Basic Research Program of China (973 Program) under Grant No. 2009CB320502.

Download conference paper PDF

References

  1. The routeviews project (2009), http://www.routeviews.org

  2. Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D., Meyer, D., Bates, T., Karrenberg, D., Terpstra, M.: RFC 2622, routing policy specification language, RPSL (1999), http://tools.ietf.org/html/rfc2622

  3. Bellovin, S.M., Gansner, E.R.: Using link cuts to attack Internet routing (2003), http://hdl.handle.net/10022/AC:P:9052

  4. Gao, L., Rexford, J.: Stable Internet routing without global coordination. IEEE/ACM Trans. Netw. 9(6), 681–692 (2001)

    CrossRef  Google Scholar 

  5. Goldberg, S., Schapira, M., Hummon, P., Rexford, J.: How secure are secure interdomain routing protocols? In: SIGCOMM (2010)

    Google Scholar 

  6. Goodell, G., Aiello, W., Griffin, T., Ioannidis, J., McDaniel, P.D., Rubin, A.D.: Working around BGP: An incremental approach to improving security and accuracy in interdomain routing. In: NDSS (2003)

    Google Scholar 

  7. Hu, Y.C., Perrig, A., Sirbu, M.A.: SPV: secure path vector routing for securing BGP. In: SIGCOMM, pp. 179–192 (2004)

    Google Scholar 

  8. Karlin, J., Forrest, S., Rexford, J.: Pretty good BGP: Improving BGP by cautiously adopting routes. In: ICNP, pp. 290–299 (2006)

    Google Scholar 

  9. Kent, S., Lynn, C., Mikkelson, J., Seo, K.: Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18, 103–116 (2000)

    CrossRef  Google Scholar 

  10. Nicol, D.M., Smith, S.W., Zhao, M.: Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Modelling Practice and Theory 12(3-4), 187–216 (2004)

    CrossRef  Google Scholar 

  11. Oliveira, R., Zhang, B., Pei, D., Izhak-Ratzin, R., Zhang, L.: Quantifying path exploration in the Internet. In: Proc. of the 6th ACM SIGCOMM Internet Measurement Conference (IMC), Rio de Janeriro, Brazil (2006)

    Google Scholar 

  12. van Oorschot, P.C., Wan, T., Kranakis, E.: On interdomain routing security and pretty secure BGP (psBGP). ACM Trans. Inf. Syst. Secur. 10(3) (2007)

    Google Scholar 

  13. Rekhter, Y., Li, T., Hares, S.: RFC 4271: Border gateway protocol 4 (2006), http://tools.ietf.org/html/rfc4271

  14. RIPE: Youtube hijacking: A ripe ncc ris case study (2008), http://www.ripe.net/news/study-youtube-hijacking.html

  15. RIPE NCC: Resource certification (2011), http://ripe.net/certification/

  16. Subramanian, L., Roth, V., Stoica, I., Shenker, S., Katz, R.H.: Listen and whisper: Security mechanisms for BGP. In: NSDI, pp. 127–140 (2004)

    Google Scholar 

  17. Turner, S.: BGP algorithms, key formats, & signature formats (2011), http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs

  18. Wang, J.H., Chiu, D.M., Lui, J.C.S., Chang, R.K.C.: Inter-as inbound traffic engineering via ASPP. Transactions On Network And Service Management 3(1) (2007)

    Google Scholar 

  19. White, R.: Architecture and deployment considerations for secure origin BGP (2006), http://tools.ietf.org/html/draft-white-sobgp-architecture

  20. Xiang, Y., Yin, X., Wang, Z., Wu, J.: Internet flattening: Monitoring and analysis of inter-domain routing. In: IEEE ICC (2011)

    Google Scholar 

  21. Zmijewski, E.: Threats to internet routing and global connectivity (2008), http://www.renesys.com/tech/presentations/pdf/20thAnnualFIRST.pdf

Download references

Author information

Authors and Affiliations

  1. Tsinghua National Laboratory for Information Science and Technology (TNList), China

    Yang Xiang, Jianping Wu & Xia Yin

  2. Department of Computer Science & Technology, Tsinghua University, Beijing, 100084, China

    Zhiliang Wang, Jianping Wu & Xingang Shi

  3. Network Research Center, Tsinghua University, Beijing, P.R. China, 100084

    Yang Xiang, Zhiliang Wang, Jianping Wu, Xingang Shi & Xia Yin

Authors
  1. Yang Xiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Zhiliang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianping Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xingang Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xia Yin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Telecommunications Engineering, Czech Technical University in Prague, Technicka 2, 166 27, Prague 6, Czech Republic

    Robert Bestak & Lukas Kencl & 

  2. Alcatel-Lucent, Bell Labs, 600 Mountain Avenue, 07974-0636, Murray Hill, NJ, USA

    Li Erran Li

  3. Instituto IMDEA Networks, Avenida del Mar Mediterraneo 22, Leganes, 28918, Madrid), Spain

    Joerg Widmer

  4. Tsinghua-ChinaCache Joint Laboratory, Tsinghua University, FIT 3-429, Haidian District, 100016, Beijing, China

    Hao Yin

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Xiang, Y., Wang, Z., Wu, J., Shi, X., Yin, X. (2012). Sign What You Really Care about – Secure BGP AS Paths Efficiently. In: Bestak, R., Kencl, L., Li, L.E., Widmer, J., Yin, H. (eds) NETWORKING 2012. NETWORKING 2012. Lecture Notes in Computer Science, vol 7289. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30045-5_20

Download citation

  • .RIS
  • .ENW
  • .BIB
  • DOI: https://doi.org/10.1007/978-3-642-30045-5_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30044-8

  • Online ISBN: 978-3-642-30045-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Search

Navigation

  • Find a journal
  • Publish with us

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support

167.114.118.210

Not affiliated

Springer Nature

© 2023 Springer Nature