Integrating security in inter-domain routing protocols

Kumar, Brijesh; Crowcroft, Jon

doi:10.1145/165611.165615

Cited by 27 publications

(9 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2) Alternatives to PKI: Prior to the creation of BGP version 4, Kumar and Crowcroft [82] provide an analysis of threats to interdomain routing and described security mechanisms used in the proposed IDRP protocol [83].…”

Section: ) Reducing Computational Overheadmentioning

confidence: 99%

A Survey of BGP Security Issues and Solutions

et al. 2010

View full text Add to dashboard Cite

The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security.

show abstract

Section: ) Reducing Computational Overheadmentioning

confidence: 99%

A Survey of BGP Security Issues and Solutions

et al. 2010

View full text Add to dashboard Cite

show abstract

“…More recently, Bellovin and Gansner [2003] discussed potential link-cutting attacks against Internet routing. Kumar and Crowcroft [1993] proposed the use of digital signatures and sequence numbers for protecting the integrity and freshness of routing updates. For a thorough analysis of BGP vulnerabilities and protections, see Murphy [2002aMurphy [ , 2002b.…”

Section: Related Workmentioning

confidence: 99%

On interdomain routing security and pretty secure BGP (psBGP)

Oorschot

Wan

Kranakis

2007

ACM Trans. Inf. Syst. Secur.

View full text Add to dashboard Cite

It is well known that the Border Gateway Protocol (BGP), the IETF standard interdomain routing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large-scale service disruption. In this paper, we present Pretty Secure BGP (psBGP)-a proposal for securing BGP, including an architectural overview, design details for significant aspects, and preliminary security and operational analysis. psBGP differs from other security proposals (e.g., S-BGP and soBGP) in that it makes use of a single-level PKI for AS number authentication, a decentralized trust model for verifying the propriety of IP prefix origin, and a rating-based stepwise approach for AS PATH (integrity) verification. psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operation, e.g., using a PKI with a simple structure, with a small number of certificate types, and of manageable size. psBGP is designed to successfully defend against various (nonmalicious and malicious) threats from uncoordinated BGP speakers, and to be incrementally deployed with incremental benefits.

show abstract

“…He creates a neighbour-to-neighbour digital signature of routing updates, and adds sequence numbers, timestamps, acknowledgements and retransmissions to the updates so that modification or replay of routing updates for distance-vector algorithms is prevented. Based on previous work, Kumar and Crowcroft [19] describe the implementation of secret and public key authentication to encrypt neighbour-toneighbour updates. Murphy [20] provides a scheme for securing distance-vector protocols which requires the validation of a number of nested signatures equal to the number of routers in the route path.…”

Section: Cryptography-based Techniquesmentioning

confidence: 99%

Recent developments in securing Internet routing protocols

He¹

2006

BT Technol J

View full text Add to dashboard Cite

Routing protocols distribute network topology information around the routers of a network. They are part of the critical network infrastructure, but are vulnerable to both internal and external attacks. In this paper, different routing protocols are first introduced, followed by reviews of routing protocol security publications in academia and industry. The general vulnerabilities and threats of routing protocols are then analysed. The two major protection countermeasures for both linkstate routing protocols and distance-vector routing protocols are presented in detail. The popular hacking tools which can be used directly or customised to launch attacks are described. The product vendors of routing protocol security and the best practice adopted by network carriers and ISPs are investigated. The paper aims to provide an overview of Internet routing protocol security, and highlight areas for further research.

show abstract

Integrating security in inter-domain routing protocols

Cited by 27 publications

References 11 publications

A Survey of BGP Security Issues and Solutions

A Survey of BGP Security Issues and Solutions

On interdomain routing security and pretty secure BGP (psBGP)

Recent developments in securing Internet routing protocols

Contact Info

Product

Resources

About