SPV: Secure path vector routing for securing BGP

Yih Chun Hu, Adrian Perrig, Marvin Sirbu

Research output: Contribution to journal › Conference article

Abstract

As our economy and critical infrastructure increasingly relies on the Internet, the insecurity of the underlying border gateway routing protocol (BGP) stands out as the Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment path to secure BGP. We analyze security requirements, and consider tradeoffs of mechanisms that achieve the requirements. In particular, we study how to secure BGP update messages against attacks. We design an efficient cryptographic mechanism that relies only on symmetric cryptographic primitives to guard an ASPATH from alteration, and propose the Secure Path Vector (SPV) protocol. In contrast to the previously proposed S-BGP protocol, SPV is around 22 times faster. With the current effort to secure BGP, we anticipate that SPV will contribute several alternative mechanisms to secure BGP, especially for the case of incremental deployments.

Original language: English (US)
Pages (from-to): 179-192
Number of pages: 14
Journal: Computer Communication Review
Volume: 34
Issue number: 4
DOI: 10.1145/1030194.1015488
State: Published - Dec 1 2004
Event: ACM SIGCOMM 2004: Conference on Computer Communications - Portland, OR, United States
Duration: Aug 30 2004 to Sep 3 2004

Fingerprint

Gateways (computer networks)
Routing protocols
Network protocols
Critical infrastructures
Brittleness
Internet

Keywords

  • BGP
  • Border Gateway Protocol
  • Interdomain routing
  • Routing
  • Security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

SPV : Secure path vector routing for securing BGP. / Hu, Yih Chun; Perrig, Adrian; Sirbu, Marvin.

In: Computer Communication Review, Vol. 34, No. 4, 01.12.2004, p. 179-192.

Hu, Yih Chun ; Perrig, Adrian ; Sirbu, Marvin. / SPV : Secure path vector routing for securing BGP. In: Computer Communication Review. 2004 ; Vol. 34, No. 4. pp. 179-192.
@article{d8a1e1835cfa40f6972c68f6929564d4,
title = "SPV: Secure path vector routing for securing BGP",
abstract = "As our economy and critical infrastructure increasingly relies on the Internet, the insecurity of the underlying border gateway routing protocol (BGP) stands out as the Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment path to secure BGP. We analyze security requirements, and consider tradeoffs of mechanisms that achieve the requirements. In particular, we study how to secure BGP update messages against attacks. We design an efficient cryptographic mechanism that relies only on symmetric cryptographic primitives to guard an ASPATH from alteration, and propose the Secure Path Vector (SPV) protocol. In contrast to the previously proposed S-BGP protocol, SPV is around 22 times faster. With the current effort to secure BGP, we anticipate that SPV will contribute several alternative mechanisms to secure BGP, especially for the case of incremental deployments.",
keywords = "BGP, Border Gateway Protocol, Interdomain routing, Routing, Security",
author = "Hu, {Yih Chun} and Adrian Perrig and Marvin Sirbu",
year = "2004",
month = "12",
day = "1",
doi = "10.1145/1030194.1015488",
language = "English (US)",
volume = "34",
pages = "179--192",
journal = "Computer Communication Review",
issn = "0146-4833",
publisher = "Association for Computing Machinery (ACM)",
number = "4",

}

TY - JOUR

T1 - SPV

T2 - Secure path vector routing for securing BGP

AU - Hu, Yih Chun

AU - Perrig, Adrian

AU - Sirbu, Marvin

PY - 2004/12/1

Y1 - 2004/12/1

N2 - As our economy and critical infrastructure increasingly relies on the Internet, the insecurity of the underlying border gateway routing protocol (BGP) stands out as the Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment path to secure BGP. We analyze security requirements, and consider tradeoffs of mechanisms that achieve the requirements. In particular, we study how to secure BGP update messages against attacks. We design an efficient cryptographic mechanism that relies only on symmetric cryptographic primitives to guard an ASPATH from alteration, and propose the Secure Path Vector (SPV) protocol. In contrast to the previously proposed S-BGP protocol, SPV is around 22 times faster. With the current effort to secure BGP, we anticipate that SPV will contribute several alternative mechanisms to secure BGP, especially for the case of incremental deployments.

KW - BGP

KW - Border Gateway Protocol

KW - Interdomain routing

KW - Routing

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=21844463097&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=21844463097&partnerID=8YFLogxK

U2 - 10.1145/1030194.1015488

DO - 10.1145/1030194.1015488

M3 - Conference article

AN - SCOPUS:21844463097

VL - 34

SP - 179

EP - 192

JO - Computer Communication Review

JF - Computer Communication Review

SN - 0146-4833

IS - 4

ER -