Abstract
The inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system, but forged routes generated by malicious attacks or mis-configurations may devastate the system. The security problem of BGP has attracted considerable attention, and although several solutions have been proposed, none of them have been widely deployed due to weaknesses such as high computational cost or potential security compromise. This paper proposes Fast Secure BGP (FS-BGP), an efficient mechanism for securing AS paths and preventing prefix hijacking by signing critical AS path segments. We prove that FS-BGP can achieve a similar level of security as S-BGP, but with much higher efficiency. Our experiments use BGP UPDATE data collected from real backbone routers. Compared with S-BGP, FS-BGP only requires a very small cache, and can reduce the cost of signing and verification by orders of magnitude. Indeed, the signing and verification can be accomplished as fast as the most bursty BGP UPDATE arrivals, which implies that FS-BGP will hardly delay the propagation of routing information.
This work is supported by (1) the National Key Technology R&D Program of China under Grant No. 2008BAH37B03, and (2) the National Basic Research Program of China (973 Program) under Grant No. 2009CB320502.
Chapter PDF
Similar content being viewed by others
References
The routeviews project (2009), http://www.routeviews.org
Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D., Meyer, D., Bates, T., Karrenberg, D., Terpstra, M.: RFC 2622, routing policy specification language, RPSL (1999), http://tools.ietf.org/html/rfc2622
Bellovin, S.M., Gansner, E.R.: Using link cuts to attack Internet routing (2003), http://hdl.handle.net/10022/AC:P:9052
Gao, L., Rexford, J.: Stable Internet routing without global coordination. IEEE/ACM Trans. Netw. 9(6), 681–692 (2001)
Goldberg, S., Schapira, M., Hummon, P., Rexford, J.: How secure are secure interdomain routing protocols? In: SIGCOMM (2010)
Goodell, G., Aiello, W., Griffin, T., Ioannidis, J., McDaniel, P.D., Rubin, A.D.: Working around BGP: An incremental approach to improving security and accuracy in interdomain routing. In: NDSS (2003)
Hu, Y.C., Perrig, A., Sirbu, M.A.: SPV: secure path vector routing for securing BGP. In: SIGCOMM, pp. 179–192 (2004)
Karlin, J., Forrest, S., Rexford, J.: Pretty good BGP: Improving BGP by cautiously adopting routes. In: ICNP, pp. 290–299 (2006)
Kent, S., Lynn, C., Mikkelson, J., Seo, K.: Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18, 103–116 (2000)
Nicol, D.M., Smith, S.W., Zhao, M.: Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Modelling Practice and Theory 12(3-4), 187–216 (2004)
Oliveira, R., Zhang, B., Pei, D., Izhak-Ratzin, R., Zhang, L.: Quantifying path exploration in the Internet. In: Proc. of the 6th ACM SIGCOMM Internet Measurement Conference (IMC), Rio de Janeriro, Brazil (2006)
van Oorschot, P.C., Wan, T., Kranakis, E.: On interdomain routing security and pretty secure BGP (psBGP). ACM Trans. Inf. Syst. Secur. 10(3) (2007)
Rekhter, Y., Li, T., Hares, S.: RFC 4271: Border gateway protocol 4 (2006), http://tools.ietf.org/html/rfc4271
RIPE: Youtube hijacking: A ripe ncc ris case study (2008), http://www.ripe.net/news/study-youtube-hijacking.html
RIPE NCC: Resource certification (2011), http://ripe.net/certification/
Subramanian, L., Roth, V., Stoica, I., Shenker, S., Katz, R.H.: Listen and whisper: Security mechanisms for BGP. In: NSDI, pp. 127–140 (2004)
Turner, S.: BGP algorithms, key formats, & signature formats (2011), http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-algs
Wang, J.H., Chiu, D.M., Lui, J.C.S., Chang, R.K.C.: Inter-as inbound traffic engineering via ASPP. Transactions On Network And Service Management 3(1) (2007)
White, R.: Architecture and deployment considerations for secure origin BGP (2006), http://tools.ietf.org/html/draft-white-sobgp-architecture
Xiang, Y., Yin, X., Wang, Z., Wu, J.: Internet flattening: Monitoring and analysis of inter-domain routing. In: IEEE ICC (2011)
Zmijewski, E.: Threats to internet routing and global connectivity (2008), http://www.renesys.com/tech/presentations/pdf/20thAnnualFIRST.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Xiang, Y., Wang, Z., Wu, J., Shi, X., Yin, X. (2012). Sign What You Really Care about – Secure BGP AS Paths Efficiently. In: Bestak, R., Kencl, L., Li, L.E., Widmer, J., Yin, H. (eds) NETWORKING 2012. NETWORKING 2012. Lecture Notes in Computer Science, vol 7289. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30045-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-30045-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30044-8
Online ISBN: 978-3-642-30045-5
eBook Packages: Computer ScienceComputer Science (R0)