A Survey of BGP Security Issues and Solutions

As the Internet's de facto interdomain routing protocol, the Border Gateway Protocol (BGP) is the glue that holds the disparate parts of the Internet together. A major limitation of BGP is its failure to adequately address security. Recent high-profile outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing interdomain routing. This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security. We explore the limitations and advantages of proposed security extensions to BGP, and explain why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
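To make the abstract's central claim concrete, the following is an added example (not code from the paper or its authors) of the vulnerability it refers to and of the simplest class of defence it surveys. Plain BGP carries no proof that the AS at the end of an AS_PATH is entitled to announce the prefix, so any AS can originate any prefix, or a more-specific of it, and attract its traffic. The block below implements route-origin validation against a constructed authorization table modelled loosely on an RPKI ROA (prefix, maximum length, authorized origin AS); the ROA entries, the AS numbers, the `prefix|as_path` text format and the sample updates are all assumptions made for the example. The last sample update also shows the caveat a practitioner needs: origin validation cannot catch an attacker that forges a path ending in the legitimate origin, which is what the path-authentication schemes surveyed in the paper (S-BGP and its successors) are for.

```python
import ipaddress

# Constructed route-origin authorizations (hypothetical, not from the paper).
# Each entry: (covering prefix, maximum announced length, authorized origin AS),
# in the spirit of an RPKI ROA. ASNs are from the documentation range.
ROAS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    (ipaddress.ip_network("198.51.100.0/22"), 24, 64497),
]

# Constructed sample updates in a made-up "prefix|as_path" text form.
# AS_PATH reads left to right as received: leftmost is the neighbour that
# sent the update, rightmost is the AS claiming to originate the prefix.
SAMPLE_UPDATES = [
    "192.0.2.0/24|64510 64500 64496",   # legitimate: origin 64496 is authorized
    "192.0.2.0/24|64510 64666",         # origin hijack: 64666 is not authorized
    "198.51.100.0/25|64510 64497",      # more-specific hijack: /25 exceeds maxLength 24
    "203.0.113.0/24|64510 64500",       # no authorization covers it at all
    "192.0.2.0/24|64666 64496",         # forged path: 64666 prepends the real origin
]


def parse_update(line):
    """Parse one 'prefix|as_path' line into (network, [AS numbers]).

    strict=True rejects prefixes with host bits set, which a sloppy
    announcement generator (or an attacker probing parsers) might emit.
    """
    prefix_txt, path_txt = line.strip().split("|", 1)
    prefix = ipaddress.ip_network(prefix_txt, strict=True)
    as_path = [int(asn) for asn in path_txt.split()]
    if not as_path:
        raise ValueError("empty AS_PATH")
    return prefix, as_path


def validate_origin(prefix, as_path, roas=ROAS):
    """Route-origin validation of (prefix, origin AS) against the ROA table.

    Returns 'valid', 'invalid' or 'unknown', mirroring the three outcomes
    an operator's policy usually switches on.
    """
    origin_as = as_path[-1]
    covering = [
        (net, max_len, asn)
        for net, max_len, asn in roas
        if net.version == prefix.version and prefix.subnet_of(net)
    ]
    if not covering:
        return "unknown"      # nobody has asserted anything about this space
    for _net, max_len, asn in covering:
        if asn == origin_as and prefix.prefixlen <= max_len:
            return "valid"
    return "invalid"          # wrong origin AS, or announcement too specific


def classify(line, roas=ROAS):
    """Parse one update line and return its origin-validation state."""
    prefix, as_path = parse_update(line)
    return validate_origin(prefix, as_path, roas)


def audit(lines, roas=ROAS):
    """Classify a batch of update lines; returns [(line, state), ...]."""
    return [(line, classify(line, roas)) for line in lines]


if __name__ == "__main__":
    for line, state in audit(SAMPLE_UPDATES):
        print(f"{state:8} {line}")
```

Run against the constructed updates, the two hijacks come back `invalid` and the uncovered prefix `unknown`, but the forged-path update is reported `valid`: the check only looks at the rightmost AS and has no way to know that AS 64666 never actually received the route from AS 64496. That gap is exactly the cost/benefit trade-off the paper discusses between cheap origin authentication and expensive per-hop path signing.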
