BGP with BGPsec: Attacks and Countermeasures

Qi Li, Jiajia Liu, Yih Chun Hu, Mingwei Xu, Jianping Wu

Research output: Contribution to journalArticlepeer-review


The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Original languageEnglish (US)
Article number8594708
Pages (from-to)194-200
Number of pages7
JournalIEEE Network
Issue number4
StatePublished - Jul 1 2019

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'BGP with BGPsec: Attacks and Countermeasures'. Together they form a unique fingerprint.

Cite this