Securing the Border Gateway Protocol: A Status Update

  • Stephen T. Kent
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)

Abstract

The Border Gateway Protocol (BGP) is a critical component of the Internet routing infrastructure, used to distribute routing information between autonomous systems (ASes). It is highly vulnerable to a variety of malicious attacks and benign operator errors. Under DARPA sponsorship, BBN has developed a secure version of BGP (S-BGP) that addresses most of BGP’s architectural security problems. This paper reviews BGP vulnerabilities and their implications, derives security requirements based on the semantics of the protocol, and describes the S-BGP architecture. Refinements to the original S-BGP design, based on interactions with ISP operations personnel and further experience with a prototype implementation, are presented, including a heuristic for significantly improving performance. The paper concludes with a comparison of S-BGP to other proposed approaches.

Keywords

Border Gateway Protocol; Status Update; Security Architecture; Border Router; Update Message
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Stephen T. Kent, BBN Technologies, Cambridge, U.S.
