BGP with BGPsec: Attacks and Countermeasures

Qi Li, Jiajia Liu, Yih Chun Hu, Mingwei Xu, Jianping Wu

Research output: Contribution to journalArticle

Abstract

The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Original languageEnglish (US)
Article number8594708
Pages (from-to)194-200
Number of pages7
JournalIEEE Network
Volume33
Issue number4
DOIs
StatePublished - Jul 1 2019

    Fingerprint

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Li, Q., Liu, J., Hu, Y. C., Xu, M., & Wu, J. (2019). BGP with BGPsec: Attacks and Countermeasures. IEEE Network, 33(4), 194-200. [8594708]. https://doi.org/10.1109/MNET.2018.1800171