BGP security in partial deployment: is the juice worth the squeeze?

As the rollout of secure route origin authentication with the RPKI slowly gains traction among network operators, there is a push to standardize secure path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin authentication already does much to improve routing security. Moreover, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in "partial deployment" alongside BGP for a long time. We therefore use theoretical and experimental approach to study the security benefits provided by partially-deployed S*BGP, vis-a-vis those already provided by origin authentication. Because routing policies have a profound impact on routing security, we use a survey of 100 network operators to find the policies that are likely to be most popular during partial S*BGP deployment. We find that S*BGP provides only meagre benefits over origin authentication when these popular policies are used. We also study the security benefits of other routing policies, provide prescriptive guidelines for partially-deployed S*BGP, and show how interactions between S*BGP and BGP can introduce new vulnerabilities into the routing system.

[1]  Lixin Gao,et al.  Stable Internet routing without global coordination , 2000, SIGMETRICS '00.

[2]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[3]  Jennifer Rexford,et al.  Inherently safe backup routing with BGP , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[4]  Gordon T. Wilfong,et al.  The stable paths problem and interdomain routing , 2002, TNET.

[5]  Deployment Considerations for Secure Origin BGP (soBGP) , 2003 .

[6]  Patrick D. McDaniel,et al.  Origin authentication in interdomain routing , 2003, CCS '03.

[7]  Geoff Huston,et al.  BGP Wedgies , 2005, RFC.

[8]  Adrian Perrig,et al.  Modeling adoptability of secure BGP protocol , 2006, SIGCOMM 2006.

[9]  Adrian Perrig,et al.  Modeling adoptability of secure BGP protocols , 2006, SIGMETRICS '06/Performance '06.

[10]  Modeling adoptability of secure BGP protocol , 2006, SIGCOMM '06.

[11]  H. Ballani,et al.  A study of prefix hijacking and interception in the internet , 2007, SIGCOMM '07.

[12]  Ioannis C. Avramopoulos,et al.  How Small Groups Can Secure Interdomain Routing , 2007 .

[13]  Ben Laurie,et al.  DNS Security (DNSSEC) Hashed Authenticated Denial of Existence , 2008, RFC.

[14]  Sharon Goldberg,et al.  Rationality and traffic attraction: incentives for honest path announcements in bgp , 2008, SIGCOMM '08.

[15]  Lixia Zhang,et al.  Cyclops: the AS-level connectivity observatory , 2008, CCRV.

[16]  Brice Augustin,et al.  IXPs: mapped? , 2009, IMC '09.

[17]  Michael Schapira,et al.  Searching for Stability in Interdomain Routing , 2009, IEEE INFOCOM 2009.

[18]  Dan Wing,et al.  Happy Eyeballs: Trending Towards Success with Dual-Stack Hosts , 2010 .

[19]  Farnam Jahanian,et al.  Internet inter-domain traffic , 2010, SIGCOMM '10.

[20]  Sharon Goldberg,et al.  How secure are secure interdomain routing protocols , 2010, SIGCOMM '10.

[21]  Patrick D. McDaniel,et al.  A Survey of BGP Security Issues and Solutions , 2010, Proceedings of the IEEE.

[22]  Let the market drive deployment: a strategy for transitioning to BGP security , 2011, SIGCOMM.

[23]  Walter Willinger,et al.  10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems , 2011, IEEE Journal on Selected Areas in Communications.

[24]  Amogh Dhamdhere,et al.  Twelve Years in the Evolution of the Internet Ecosystem , 2011, IEEE/ACM Transactions on Networking.

[25]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[26]  Sharon Goldberg,et al.  Let the market drive deployment: a strategy for transitioning to BGP security , 2011, SIGCOMM.

[27]  Sharon Goldberg,et al.  Brief announcement: network-destabilizing attacks , 2012, PODC '12.

[28]  W. Marsden I and J , 2012 .

[29]  Sharon Goldberg,et al.  Network-Destabilizing Attacks , 2012, ArXiv.

[30]  Anja Feldmann,et al.  Anatomy of a large european IXP , 2012, SIGCOMM '12.

[31]  Sharon Goldberg,et al.  Modeling on quicksand: dealing with the scarcity of ground truth in interdomain routing data , 2012, CCRV.

[32]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.

[33]  Alexandra Boldyreva,et al.  Provable security of S-BGP and other path vector protocols: model, analysis and extensions , 2012, IACR Cryptol. ePrint Arch..

[34]  Sharon Goldberg,et al.  A survey of interdomain routing policies , 2013, CCRV.

[35]  BGP security in partial deployment: is the juice worth the squeeze? , 2013, SIGCOMM.

[36]  John G. Scudder,et al.  BGP Prefix Origin Validation , 2013, RFC.

[37]  M. Deren Is the juice worth the squeeze? , 2013, Connecticut medicine.

[38]  Stephen T. Kent,et al.  Threat Model for BGP Path Security , 2014, RFC.