A Survey of BGP Security Issues and Solutions

A Survey of BGP Security Issues and Solutions (2004)

Cached

Download Links

by Kevin Butler , Toni Farley , Patrick Mcdaniel , Jennifer Rexford

Venue:	AT&T Labs - Research, Florham Park, NJ
Citations:	32 - 4 self

BibTeX

@TECHREPORT{Butler04asurvey,
    author = {Kevin Butler and Toni Farley and Patrick Mcdaniel and Jennifer Rexford},
    title = {A Survey of BGP Security Issues and Solutions},
    institution = {AT&T Labs - Research, Florham Park, NJ},
    year = {2004}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security.

Citations

2507	A method for obtaining digital signatures and public-key cryptosystems - Rivest, Shamir, et al.
2292	New Directions in Cryptography - Diffie, Hellman - 1976
1580	On the self-similar nature of ethernet traffic - Leland, Taqqu, et al. - 1994
1134	Security architecture for the internet protocol - Kent, Atkinson - 1998
675	The MD5 Message-Digest Algorithm - Rivest - 1992
652	End-to-end Internet packet dynamics - Paxson - 1999
571	OSPF Version 2 - Moy - 1998
524	End-to-end routing behavior in the Internet - Paxson - 1997
488	Measuring ISP topologies with Rocketfuel - Spring, Mahajan, et al. - 2002
460	signatures from the Weil pairing - Boneh, Lynn, et al.
348	On inferring autonomous system relationships in the Internet - Gao
339	A Border Gateway - Rekhter, Li - 1995
329	Measurements and Analysis of End-to-End Internet Dynamics - Paxson - 1997
292	Characterizing the internet hierarchy from multiple vantage points - Subramanian, Agarwal, et al. - 2002
278	HMAC: Keyed-Hashing for Message Authentication - Krawczyk, Bellare, et al.
254	A Border Gateway Protocol 4 - Rekhter, Li - 1994
238	Security Problems in the TCP/IP Protocol Suite - Bellovin - 1989
234	T.: Understanding BGP misconfigurations - Mahajan, Wetherall, et al.
233	Protocols for public key cryptosystems - Merkle - 1980
227	Stable internet routing without global coordination - Gao, Rexford - 2001
211	2001): The constancy of internet path properties - Zhang, Du, et al.
200	Routing Information Protocol - Hedrick - 1988
186	An analysis of BGP convergence properties - Griffin, Wilfong - 1999
182	Aggregate and verifiably encrypted signatures from bilinear maps - Boneh, Gentry, et al. - 2003
182	Network Layer Protocols with Byzantine Robustness - Perlman - 1988
178	Secure border gateway protocol (S-BGP - Kent, Lynn, et al.
162	A taxonomy of DDoS attacks and DDoS defense mechanisms, UCLA CSD - Mirkovic, Martin, et al.
159	Understanding the network-level behavior of spammers - Ramachandran, Feamster - 2006
149	A forward-secure digital signature scheme - Bellare, Miner - 1999
141	Towards an accurate AS-level traceroute tool - Mao, Rexford, et al. - 2003
137	III, BGP4: Inter-domain Routing in the Internet - Stewart - 1999
128	Certificate Revocation and Certificate Update - Naor, Nissim - 2000
125	The impact of Internet policy and topology on delayed routing convergence - Labovitz, Wattenhofer, et al. - 2001
110	A.: Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing - Goodell, Aiello, et al. - 2003
107	Digital Signatures for Flows and Multicasts - Wong, Lam - 1999
102	HMAC: Keyed-hashing for message authentication. RFC 2104, Network Working Group - Krawczyk, Bellare, et al. - 1997
89	Secure Border Gateway Protocol (Secure-BGP - Kent, Lynn, et al. - 2000
86	Version 2 - Malkin - 1998
86	SPV: Secure path vector routing for securing BGP - HU, PERRIG, et al. - 2004
83	Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure - Ellison, Schneier
82	Securing the Border Gateway Routing Protocol - Smith, Garcia-Luna-Aceves - 1996
76	Measuring the effects of internet path faults on reactive routing - Feamster, Andersen, et al. - 2003
74	and Whisper: Security Mechanisms for BGP - Subramanian, Roth, et al. - 2004
67	Towards realistic million-node internet simulations - Cowie - 1999
60	Using the Domain Name System for System Break-ins - Bellovin
60	On-line/o#-line digital signatures - Even, Goldreich, et al. - 1990
56	Commentary on inter-domain routing - Huston - 2001
55	Secure traceroute to detect faulty or malicious routing - Padmanabhan, Simon - 2003
53	An Architecture for Describing Simple Network - Harrington, Presuhn, et al. - 2002
52	Efficient Security Mechanisms for Routing Protocols - Hu, Perrig, et al.