skip to main content
article

On interdomain routing security and pretty secure BGP (psBGP)

Published: 01 July 2007 Publication History

Abstract

It is well known that the Border Gateway Protocol (BGP), the IETF standard interdomain routing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large-scale service disruption. In this paper, we present Pretty Secure BGP (psBGP)---a proposal for securing BGP, including an architectural overview, design details for significant aspects, and preliminary security and operational analysis. psBGP differs from other security proposals (e.g., S-BGP and soBGP) in that it makes use of a single-level PKI for AS number authentication, a decentralized trust model for verifying the propriety of IP prefix origin, and a rating-based stepwise approach for AS_PATH (integrity) verification. psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operation, e.g., using a PKI with a simple structure, with a small number of certificate types, and of manageable size. psBGP is designed to successfully defend against various (nonmalicious and malicious) threats from uncoordinated BGP speakers, and to be incrementally deployed with incremental benefits.

References

[1]
Adams, C. and Lloyd, S. 2003. Understanding Public-Key Infrastructure, 2nd Ed. Addison-Wesley, Reading, MA.
[2]
Aiello, W., Ioannidis, J., and McDaniel, P. 2003. Origin authentication in interdomain routing. In Proceedings of the 10th ACM Conference on Computer and Communications Security. Washington, D.C., 165--178.
[3]
Barbir, A., Murphy, S., and Yang, Y. 2004. Generic threats to routing protocols. Internet Draft.
[4]
Bellovin, S. 1989. Security problems in the TCP/IP protocol suite. Computer Communications Review. 19, 32--48.
[5]
Bellovin, S. 2004. A look back at “security problems in the TCP/IP protocol suite”. In The 20th Annual Computer Security Applications Conference (ACSAC'04). Tucson, Arizona.
[6]
Bellovin, S. and Gansner, E. 2003. Using link cuts to attack internet routing. Unpublished manuscript.
[7]
Bellovin, S., Ioannidis, J., and Bush, R. 2005. Position paper: Operational requirements for secured BGP. In DHS Secure Routing Workshop.
[8]
Boneh, D., Boyen, X., and Shacham, H. 2004. Short group signatures. In Proceedings of Crypto 2004. Vol. 3152. 41--55.
[9]
Burrows, M., Abadi, M., and Needham, R. 1990. A logic of authentication. In Research Report 39. Digital Systems Research Center of Digital Equipment Corporation, Palo Alto, CA, 8, 1(Feb.), 18--36.
[10]
Dempster, A. 1967. Upper and lower probabilities induced by a multivalued mapping. The Annals of Statistics 28, 325--339.
[11]
DHS. 2005. DHS secure routing workshop. Department of Homeland Security, Washington, D.C.
[12]
Gaarder, K. and Snekkenes, E. 1991. Applying a formal analysis technique to the CCIT X.509 strong two-way authentication protocol. Journal of Cryptology 3, 81--98.
[13]
Gao, L. 2000. Inferring autonomous system relationships in the Internet. In IEEE Global Internet.
[14]
Gligor, V., Kailar, R., Stubblebine, S., and Gong, L. 1991. Logics for cryptographic protocols---virtues and limitations. In Proceedings of the Computer Security Foundations Workshop IV. Los Alamitos, CA. 219--226.
[15]
Goodell, G., Aiello, W., Griffin, T., Ioannidis, J., McDaniel, P., and Rubin, A. 2003. Working around BGP: An incremental approach to improving security and accuracy of interdomain routing. In Proceedings of the 2003 ISOC Symposium on Network and Distributed Systems Security (NDSS'03). San Diego, CA. 75--85.
[16]
Guida, R., Stahl, R., Bunt, T., Secrest, G., and Moorcones, J. 2004. Deploying and using public key technology: Lessons learned in real life. IEEE Security and Privacy (July/Aug.). 67--71.
[17]
Hedrick, C. 1988. Routing information protocol. IETF RFC 1058.
[18]
Heffernan, A. 1998. Protection of BGP sessions via the TCP MD5 signature option. IETF RFC 2385.
[19]
Housley, R., Ford, W., Polk, W., and Solo, D. 1999. Internet X.509 public key infrastructure---certificate and CRL profile. IETF RFC 2459.
[20]
Hu, Y., Perrig, A., and Sirbu, M. 2004. SPV: Secure path vector routing for securing BGP. In Proceedings of ACM 2004 SIGCOMM. Portland, OR.
[21]
IRR. 2005. Internet routing registry. http://www.irr.net.
[22]
Just, M., Kranakis, E., and Wan, T. 2003. Resisting malicious packet dropping in wireless ad hoc networks. In Proceedings of the 2nd Annual Conference on Adhoc Networks and Wireless (ADHOCNOW'03).
[23]
Kaufman, C. 2005. The internet key exchange (IKEv2) protocol. IETF RFC 4306.
[24]
Kent, S. 2003. Securing the border gateway protocol: A status update. In Seventh IFIP TC-6 TC-11 Conference on Communications and Multimedia Security.
[25]
Kent, S. 2005. IP encapsulating security payload (ESP). IETF RFC 4303.
[26]
Kent, S. 2006. An infrastructure supporting secure internet routing. In Third European PKI Workshop.
[27]
Kent, S. and Atkinson, P. 1998a. Security architecture for the Internet protocol. IETF RFC 2401.
[28]
Kent, S. and Atkinson, P. 1998b. IP encapsulating security payload (ESP). IETF RFC 2406.
[29]
Kent, S., Lynn, C., Mikkelson, J., and Seo, K. 2000. Secure border gateway protocol (S-BGP) real world performance and deployment issues. In Proceedings of the 2000 ISOC Symposium on Network and Distributed Systems Security (NDSS'00).
[30]
Kent, S., Lynn, C., and Seo, K. 2000. Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18, 4 (Apr.), 582--592.
[31]
Koblitz, N. and Menezes, A. 2004. Another look at “provable security.” Cryptology ePrint Archive, Report 2004/152. To Appear in Journal of Cryptology. http://eprint.iacr.org/2004/152/.
[32]
Kruegel, C., Mutz, D., Robertson, W., and Valeur, F. 2003. Topology-based detection of anomalous BGP messages. In Proceedings of the 6th Symposium on Recent Advances in Intrusion Detection (RAID'03).
[33]
Kumar, B. and Crowcroft, J. 1993. Integrating security in interdomain routing protocols. ACM SIGCOMM Computer Communication Review 23, 5 (Oct.), 36--51.
[34]
Lynn, C., Kent, S., and Seo, K. 2003. X.509 Extensions for IP Addresses and AS Identifiers. draft-ietf-pkix-x509-ipaddr-as-extn-02.txt.
[35]
Ma, C., Hu, N., and Li, Y. 2006. On the release of CRLs in public key infrastructure. In Proceeding of 15th USENIX Security Symposium.
[36]
Maurer, U. 1996. Modelling a public-key infrastructure. In Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS'96). 324--350.
[37]
Murphy S. 2002a. BGP Security Vulnerabilities Analysis. draft-murphy-bgp-vuln-00.txt.
[38]
Murphy S. 2002b. BGP Security Protections. draft-murphy-bgp-protect-00.txt.
[39]
Nicol, D., Smith, S., and Zhao, M. 2004. Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Pratice and Theory Journal, Special Issue on Modeling, 187--216.
[40]
Perlman, R. 1988. Network layer protocols with byzantine robustness. Tech. Rep. MIT/LCS/TR-429.
[41]
Reiter, M. and Stubblebine, S. 1997. Toward acceptable metrics of authentication. In Proceedings of 1997 IEEE Symposium on Security and Privacy. 10--20.
[42]
Rekhter, Y. and Li, T. 1995. A border gateway protocol 4 (BGP 4). IETF RFC 1771.
[43]
Retana, A. and White, R. 2002. BGP Custom decision process. draft-retana-bgp-custom-decision-00.txt.
[44]
RouteViews. 2005. Route views project. http://www.routeviews.org.
[45]
Seo, K., Lynn, C., and Kent, S. 2001. Public-key infrastructure for the secure border gateway protocol (S-BGP). In IEEE DARPA Information Survivability Conference and Exposition II.
[46]
Shafer, G. 1976. A Mathematical Theory of Evidence. Princeton University Press, Princeton, NJ.
[47]
Subramanian, L., Roth, V., Stoica, I., Shenker, S., and Katz, R. 2004. Listen and whisper: Security mechanisms for BGP. In Proceedings of the First Symposium on Networked Systems Design and Implementation (NSDI'04), San Francisco, CA.
[48]
Villamizar, C., Alaettinoglu, C., Meyer, D., and Murphy, S. 1999. Routing policy system security. IETF RFC 2725.
[49]
Wan, T. 2006. Securing routing protocols through information corroboration. Ph.D. thesis, Carleton University, Ottawa, Canada.
[50]
Wan, T., Kranakis, E., and van Oorschot, P. 2004. S-RIP: A secure distance vector routing protocol. In Proceedings of the Applied Cryptography and Network Security (ACNS'04). Vol. 3089. 103--119.
[51]
Wan, T., Kranakis, E., and van Oorschot, P. 2005. Pretty secure BGP (psBGP). In Proceedings of the 2005 ISOC Symposium on Network and Distributed Systems Security (NDSS'05). San Diego, CA.
[52]
Wan, T., van Oorschot, P., and Kranakis, E. 2007. A selective introduction to border gateway protocol (BGP) security issues. In Proceedings of the NATO Advanced Studies Institute on Network Security and Intrusion Detection. Nork, Yerevan, Armenia. IOS Press (to appear, 2007).
[53]
White, R. 2003. Securing BGP through secure origin BGP. The Internet Protocol Journal 6, 3, 15--22.
[54]
White, R., McPherson, D., and Sangli, S. 2004. Practical BGP. Addison-Wesley, Reading, MA.
[55]
Zhao, M., Smith, S., and Nicol, D. 2005a. Aggregated path authentciation for efficient BGP security. In Proceedings of 12th ACM Conference on Computer and Communications Security. Alexandria, VA.
[56]
Zhao, M., Smith, S., and Nicol, D. 2005b. Evaluating the performance impact of PKI on BGP security. In Proceedings of 4th Annual PKI Research Workshop (PKI'05). Gaithersburg, MD.
[57]
Zimmermann, P. 1995. The Official PGP User's Guide (second printing). MIT Press, Cambridge, MA.
[58]
Zsako, J. 1999. PGP authentication for RIPE database updates. IETF RFC 2726.

Cited By

View all
  • (2024)The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future ProspectsIEEE Transactions on Network and Service Management10.1109/TNSM.2023.332745521:2(2353-2373)Online publication date: Apr-2024
  • (2023)BGPEval: Automating Large-Scale Testbed Creation2023 19th International Conference on Network and Service Management (CNSM)10.23919/CNSM59352.2023.10327905(1-5)Online publication date: 30-Oct-2023
  • (2023)MANRS Statistical analysis and adoption in india as a collaborative security toolJournal of Cyber Security Technology10.1080/23742917.2023.21755277:4(181-198)Online publication date: 2-Mar-2023
  • Show More Cited By

Index Terms

  1. On interdomain routing security and pretty secure BGP (psBGP)

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Transactions on Information and System Security
      ACM Transactions on Information and System Security  Volume 10, Issue 3
      July 2007
      195 pages
      ISSN:1094-9224
      EISSN:1557-7406
      DOI:10.1145/1266977
      Issue’s Table of Contents

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 01 July 2007
      Published in TISSEC Volume 10, Issue 3

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. BGP
      2. authentication
      3. certificates
      4. interdomain routing
      5. public-key infrastructure
      6. secure routing protocols
      7. trust

      Qualifiers

      • Article

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)42
      • Downloads (Last 6 weeks)1
      Reflects downloads up to 19 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future ProspectsIEEE Transactions on Network and Service Management10.1109/TNSM.2023.332745521:2(2353-2373)Online publication date: Apr-2024
      • (2023)BGPEval: Automating Large-Scale Testbed Creation2023 19th International Conference on Network and Service Management (CNSM)10.23919/CNSM59352.2023.10327905(1-5)Online publication date: 30-Oct-2023
      • (2023)MANRS Statistical analysis and adoption in india as a collaborative security toolJournal of Cyber Security Technology10.1080/23742917.2023.21755277:4(181-198)Online publication date: 2-Mar-2023
      • (2022)The State of the Art in BGP Visualization Tools: A Mapping of Visualization Techniques to Cyberattack TypesIEEE Transactions on Visualization and Computer Graphics10.1109/TVCG.2022.3209412(1-11)Online publication date: 2022
      • (2021)BGP Neighbor Trust Establishment Mechanism Based on the Bargaining GameInformation10.3390/info1203011012:3(110)Online publication date: 4-Mar-2021
      • (2021)ROAchain: Securing Route Origin Authorization With Blockchain for Inter-Domain RoutingIEEE Transactions on Network and Service Management10.1109/TNSM.2020.301555718:2(1690-1705)Online publication date: Jun-2021
      • (2021)DRRS-BC: Decentralized Routing Registration System Based on BlockchainIEEE/CAA Journal of Automatica Sinica10.1109/JAS.2021.10042048:12(1868-1876)Online publication date: Dec-2021
      • (2020)dPHI: An improved high-speed network-layer anonymity protocolProceedings on Privacy Enhancing Technologies10.2478/popets-2020-00542020:3(304-326)Online publication date: 17-Aug-2020
      • (2020)NRV: Leveraging Secure Multi-Party Computation for Lightweight BGP Security Enhancement2020 IEEE 39th International Performance Computing and Communications Conference (IPCCC)10.1109/IPCCC50635.2020.9391537(1-6)Online publication date: 6-Nov-2020
      • (2020)Next Generation Information Warfare: Rationales, Scenarios, Threats, and Open IssuesInformation Systems Security and Privacy10.1007/978-3-030-49443-8_2(24-47)Online publication date: 28-Jun-2020
      • Show More Cited By

      View Options

      Login options

      Full Access

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media