Pretty Secure BGP, psBGP
نویسندگان
چکیده
The Border Gateway Protocol (BGP) is an IETF standard inter-domain routing protocol on the Internet. However, it is well known that BGP is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large scale service disruption. We first summarize a set of security goals for BGP, and then propose Pretty Secure BGP (psBGP) as a new security protocol achieving these goals. psBGP makes use of a centralized trust model for authenticating Autonomous System (AS) numbers, and a decentralized trust model for verifying the propriety of IP prefix origination. We compare psBGP with S-BGP and soBGP, the two leading security proposals for BGP. We believe psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operations, while requiring a different endorsement model: each AS must select a small number (e.g., one or two) of its peers from which to obtain endorsement of its prefix ownership assertions. This work contributes to the ongoing exploration of tradeoffs and balance between security guarantee, operational simplicity, and policies acceptable to the operator community.
منابع مشابه
A Selective Introduction to Border Gateway Protocol (BGP) Security Issues
The Internet has become a critical communication infrastructure which we are increasingly reliant upon. As the world moves into a converged network where voice, video, and data are all transmitted over the same network, disruption of the Internet can cause more severe damage. Therefore, it is critical to protect the Internet from potential service disruption in order to ensure its continous fun...
متن کاملSecurity Issues in the Border Gateway Protocol (BGP)
The Internet has become a critical communication infrastructure which we are increasingly reliant upon. As the world moves into a converged network where voice, video, and data are all transmitted over the same network, disruption of the Internet can cause more severe damage. Therefore, it is critical in order to protect the Internet from potential service disruption to ensure its continous fun...
متن کاملPretty Good BGP: Protecting BGP by Cautiously Selecting Routes
The Internet’s interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks primarily due to operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. Until such a large proposal is adopted, networks will remain vulnerable to false information injected into BGP. However, BGP rout...
متن کاملAutonomous security for autonomous systems
The Internet’s interdomain routing protocol, BGP, supports a complex network of Autonomous Systems which is vulnerable to a number of potentially crippling attacks. Several promising cryptography-based solutions have been proposed, but their adoption has been hindered by the need for community consensus, cooperation in a public key infrastructure (PKI), and a common security protocol. Rather th...
متن کاملPretty Good BGP: Protecting BGP by Cautiously Selecting Routes
The Border Gateway Protocol (BGP), the Internet’s interdomain routing protocol, is vulnerable to a number of damaging attacks. Proposed solutions either (i) rely on a public-key infrastructure and accurate routing registries or (ii) detect attacks only after they have spread throughout the network. However, BGP routers could avoid selecting and propagating malicious routes if they were cautious...
متن کامل