TTM Based Security Enhancement for Inter-domain Routing Protocol

The Border Gateway Protocol (BGP) is a vital part of the global Internet infrastructure. Attacks against BGP are increasing in number and severity. Unfortunately, most security mechanisms based on public key cryptography suffer from performance, trust model and other issues. This paper proposes a solution that takes advantage of the power-law and rich-club features of the AS-level topology, introducing the notion of an AS Alliance and a new trust model, the Translator Trust Model (TTM). TTM avoids the global distribution of certificates by translating trust between different trust domains. It does so with much less memory overhead than traditional solutions and a shorter validation chain. We develop a novel SE-BGP (Security Enhanced BGP) mechanism based on TTM. SE-BGP introduces new path attributes to carry origin certificates and path signatures, along with algorithms for origin authentication and path authentication. Our analyses indicate that SE-BGP is a viable solution.
