论文信息 - Securing the Border

Securing the Border

We analyze the security of the BGP routing protocol, and identify a number of vulnerabilities in its design and the corresponding threats. We then present a set of proposed modifications to the protocol which minimize or eliminate the most significant threats. The innovation we introduce is the protection of the second-to-last information contained in the AS-PATH attributes by digital signatures, and the use of techniques developed for detecting loops in path-finding protocols to verify the selected route's path information. With these techniques we are able to secure full path information in near constant space, and avoid the recursive protection mechanisms previously assumed necessary.

J. J. Garcia-Luna-Aceves | Bradley R. Smith | B. R. Smith | J. Garcia-Luna-Aceves

[1] Jon Crowcroft,et al. Integrating security in inter-domain routing protocols , 1993, CCRV.

[2] Radia J. Perlman,et al. Network layer protocols with Byzantine robustness , 1988 .

[3] J. J. Garcia-Luna-Aceves,et al. A loop-free extended Bellman-Ford routing protocol without bouncing effect , 1989, SIGCOMM 1989.

[4] Whitfield Diffie,et al. Security for the DoD Transmission Control Protocol , 1986, CRYPTO.

[5] Laurent Joncheray. A Simple Active Attack Against TCP , 1995, USENIX Security Symposium.

[6] Brijesh Kumar,et al. Integration of security in network routing protocols , 1993, SGSC.

[7] Randall J. Atkinson,et al. Security Architecture for the Internet Protocol , 1995, RFC.

[8] Stephen T. Kent,et al. Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[9] Deborah Estrin,et al. A protocol for route establishment and packet forwarding across multidomain internets , 1993, TNET.

[10] Jerome H. Saltzer,et al. End-to-end arguments in system design , 1984, TOCS.

[11] J. J. Garcia-Luna-Aceves,et al. An efficient routing protocol for wireless networks , 1996, Mob. Networks Appl..