Deployable BGP Security

The routing protocol that connects the Autonomous Systems, BGP, is vulnerable to a number of potentially crippling attacks because it trusts unverified control plane information received from external networks. Within the last year we have seen ConEdison hijack Panix’s /16 [1], TTNET hijack several /8’s including 1247 more specifics of AT&T’s 12/8 [2], NW Network Cable announce several /8’s including nearly 2800 more specifics [3], multiple ASs (8437, 16215) announce the entirety of published dark space [4], and AS 22773 announced 128/1. We know that these events are bogus because they are so severe. Smaller attacks and misconfigurations are not so easily identified and there are likely hundreds of hijacks that we have not been able to verify. However, it has been difficult to convince the operator community to adopt any of several proposed security solutions. The draft RFC for soBGP [5] has expired, and the community has not even started distributing AS number certificates, a prerequisite to complete verification. In this paper I discuss some of the deployment difficulties that BGP security enhancements have faced, suggest directions for future research, and propose an initial framework for a simple yet effective security improvement for BGP that can be rapidly deployed.