Oorschot. Pretty secure BGP (psBGP

Oorschot. Pretty secure BGP (psBGP (2005)

Cached

Download Links

by Tao Wan , Evangelos Kranakis , P. C. Oorschot

Venue:	In The 12th Annual Network and Distributed System Security Symposium (NDSS’05
Citations:	32 - 3 self

BibTeX

@INPROCEEDINGS{Wan05oorschot.pretty,
    author = {Tao Wan and Evangelos Kranakis and P. C. Oorschot},
    title = {Oorschot. Pretty secure BGP (psBGP},
    booktitle = {In The 12th Annual Network and Distributed System Security Symposium (NDSS’05},
    year = {2005}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

The Border Gateway Protocol (BGP) is an IETF standard inter-domain routing protocol on the Internet. However, it is well known that BGP is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large scale service disruption. We first summarize a set of security goals for BGP, and then propose Pretty Secure BGP (ps-BGP) as a new security protocol achieving these goals. psBGP makes use of a centralized trust model for authenticating Autonomous System (AS) numbers, and a decentralized trust model for verifying the propriety of IP prefix origination. We compare psBGP with S-BGP and soBGP, the two leading security proposals for BGP. We believe psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operations, while requiring a different endorsement model: each AS must select a small number (e.g., one or two) of its peers from which to obtain endorsement of its prefix ownership assertions. This work contributes to the ongoing exploration of tradeoffs and balance between security guarantee, operational simplicity, and policies acceptable to the operator community. 1.

Citations

1134	Security architecture for the internet protocol - Kent, Atkinson - 1998
1040	R.: A logic for authentication - Burrows, Abadi, et al. - 1989
1010	On power-law relationships of the internet topology - Faloutsos, Faloutsos, et al.
742	Decentralized trust management - Blaze, Feigenbaum, et al. - 1996
438	Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ - Ferguson, Senie - 2000
348	On inferring autonomous system relationships in the Internet - Gao
339	A Border Gateway - Rekhter, Li - 1995
292	Characterizing the internet hierarchy from multiple vantage points - Subramanian, Agarwal, et al. - 2002
238	Security Problems in the TCP/IP Protocol Suite - Bellovin - 1989
235	Implementing pushback: router-based defense against DDoS Attacks, in - Ioannidis, Bellovin - 2002
201	Short group signatures - Boneh, Boyen, et al. - 2004
200	Routing Information Protocol - Hedrick - 1988
182	Network Layer Protocols with Byzantine Robustness - Perlman - 1988
112	Modeling a public key infrastructure - MAURER - 1996
110	A.: Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing - Goodell, Aiello, et al. - 2003
105	An Analysis of Internet Inter-Domain Topology and Route Stability - Govindan, Reddy - 1997
89	Secure Border Gateway Protocol (Secure-BGP - Kent, Lynn, et al. - 2000
86	SPV: Secure path vector routing for securing BGP - HU, PERRIG, et al. - 2004
82	Securing the Border Gateway Routing Protocol - Smith, Garcia-Luna-Aceves - 1996
74	and Whisper: Security Mechanisms for BGP - Subramanian, Roth, et al. - 2004
58	Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations - Adams, Lloyd - 1999
52	Efficient Security Mechanisms for Routing Protocols - Hu, Perrig, et al.
49	Origin authentication in interdomain routing - Aiello, Ioannidis, et al. - 2003
48	Protection of BGP sessions via TCP MD5 signature option - Heffernan - 1998
40	Toward acceptable metrics of authentication - Reiter, Stubblebine - 1997
32	Topology-based Detection of Anomalous BGP Messages - Kruegel, Mutz, et al. - 2003
30	7007 Explanation and Apology - Bono - 1997
27	Integration of Security in Network Routing Protocols - Kumar - 1993
27	An analysis - Zhao, Pei, et al. - 2001
25	Securing the Border Gateway Protocol: A status update - Kent - 2003
20	Public-Key Infrastructure for the Secure Border Gateway Protocol (S-BGP - Seo, Lynn, et al. - 2001
19	Generic Threats to Routing Protocols - Barbir, Murphy, et al.
17	Applying a Formal Analysis Technique to the CCIT X.509 Strong Two-Way Authentication Protocol - GAARDER, SNEKKENES - 1991
17	Logics for cryptographic protocols - virtues and limitations - GLIGOR, KAILAR, et al. - 1991
16	Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Modelling Practice and Theory - Nicol, Smith, et al. - 2004
14	Using link cuts to attack internet routing - Bellovin, Gansner - 2003
10	Securing BGP through secure origin BGP (so-BGP - White
9	The RouteViews Project - Meyer - 2004
6	RouteViews Project. http://www.routeviews.org - Meyer
4	Border Gateway Protocol Security Analysis - Murphy - 2001
4	The Official PGP User’s Guide (second printing - ZIMMERMANN - 1995
3	An Attack Tree for the Border Gateway Protocol - Convey, Cook, et al. - 2002
3	Deploying and Using Public Key Technology - Guida, Stahl, et al. - 2004
2	Routing Arbiter Architecture. http://www.isi.edu/div7/ra/Publications - Estrin, Postel, et al. - 1994
2	Cable and Wireless Routing Instability - Farrar