Securing BGP — A Literature Survey

The Border Gateway Protocol (BGP) is the Internet's inter-domain routing protocol. One of the major concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet is vulnerable to various forms of attack. This paper examines the Internet's routing architecture and the design of BGP in particular, and surveys the work to date on securing BGP. To date no proposal has been seen as offering a combination of adequate security functions, suitable performance overheads and deployable support infrastructure. Some open questions on the next steps in the study of BGP security are posed.

[1]  Sean W. Smith,et al.  The performance impact of BGP security , 2005, IEEE Network.

[2]  S. M. Bellovin,et al.  Security problems in the TCP/IP protocol suite , 1989, CCRV.

[3]  Jia Wang,et al.  Towards an accurate AS-level traceroute tool , 2003, SIGCOMM '03.

[4]  Yakov Rekhter Experience with the BGP Protocol , 1991, RFC.

[5]  Jon Postel,et al.  Transmission Control Protocol , 1981, RFC.

[6]  Laurent Joncheray,et al.  Representation of IP Routing Policies in a Routing Registry (ripe-81++) , 1995, RFC.

[7]  Kirk Lougheed,et al.  Border Gateway Protocol (BGP) , 1989, RFC.

[8]  Brijesh Kumar,et al.  Integration of security in network routing protocols , 1993, SGSC.

[9]  Susan Hares,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[10]  Yih-Chun Hu,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM 2004.

[11]  Robert Kisteleki,et al.  Securing RPSL Objects with RPKI Signatures , 2008 .

[12]  Pavlin Radoslavov,et al.  A framework for incremental deployment strategies for router-assisted services , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[13]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[14]  Benoit Donnet,et al.  Internet topology discovery: a survey , 2007, IEEE Communications Surveys & Tutorials.

[15]  Sharon Goldberg,et al.  Rationality and traffic attraction: incentives for honest path announcements in bgp , 2008, SIGCOMM '08.

[16]  Nick Feamster,et al.  Network-Wide Prediction of BGP Routes , 2007, IEEE/ACM Transactions on Networking.

[17]  Zhuoqing Morley Mao,et al.  Accurate Real-time Identification of IP Prefix Hijacking , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[18]  Lixia Zhang,et al.  Understanding Resiliency of Internet Topology against Prefix Hijack Attacks , 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).

[19]  Vitaly Shmatikov,et al.  Truth in advertising: lightweight verification of route integrity , 2007, PODC '07.

[20]  Miguel Rio,et al.  Network topologies: inference, modeling, and generation , 2008, IEEE Communications Surveys & Tutorials.

[21]  Radia J. Perlman,et al.  Network layer protocols with Byzantine robustness , 1988 .

[22]  David Ward,et al.  Securing BGPv4 using IPsec , 2002 .

[23]  Simon S. Lam,et al.  Digital signatures for flows and multicasts , 1999, TNET.

[24]  Bernard P. Zajac Applied cryptography: Protocols, algorithms, and source code in C , 1994 .

[25]  Kevin J. Houle,et al.  Trends in Denial of Service Attack Technology , 2001 .

[26]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[27]  Bruce M. Maggs,et al.  On the impact of route monitor selection , 2007, IMC '07.

[28]  Sean W. Smith,et al.  Efficient Security for BGP Route Announcements , 2003 .

[29]  Andy Heffernan,et al.  Protection of BGP Sessions via the TCP MD5 Signature Option , 1998, RFC.

[30]  Michael Behringer BGP Session Security Requirements , 2007 .

[31]  Doug Montgomery,et al.  A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[32]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[33]  Lixia Zhang,et al.  Report from the IAB Workshop on Routing and Addressing , 2007, RFC.

[34]  Bassam Halabi,et al.  Internet Routing Architectures , 1997 .

[35]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM 2002.

[36]  Yih-Chun Hu,et al.  Efficient Security Mechanisms for Routing Protocolsa , 2003, NDSS.

[37]  Scott Rose,et al.  DNS Security Introduction and Requirements , 2005, RFC.

[38]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[39]  Patrick D. McDaniel,et al.  Optimizing BGP security by exploiting path stability , 2006, CCS '06.

[40]  Zhen Wu,et al.  BGP routing dynamics revisited , 2007, CCRV.

[41]  Steven M. Bellovin,et al.  Guidelines for Cryptographic Key Management , 2005, RFC.

[42]  Cengiz Alaettinoglu,et al.  Routing Policy Specification Language (RPSL) , 1998, RFC.

[43]  Jaideep Chandrashekar,et al.  Limiting path exploration in BGP , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[44]  Ying Zhang,et al.  iSPY: Detecting IP Prefix Hijacking on My Own , 2010, IEEE/ACM Trans. Netw..

[45]  Ramesh Govindan,et al.  BGP Route Flap Damping , 1998, RFC.

[46]  Wouter Wijngaards,et al.  DNSSEC protected routing announcements for BGP , 2008 .

[47]  Paul Francis,et al.  A study of prefix hijacking and interception in the internet , 2007, SIGCOMM 2007.

[48]  Tony Bates,et al.  Guidelines for creation, selection, and registration of an Autonomous System (AS) , 1996, RFC.

[49]  Adrian Perrig,et al.  Modeling adoptability of secure BGP protocols , 2006, SIGMETRICS '06/Performance '06.

[50]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[51]  Stephen T. Kent,et al.  Securing the Border Gateway Protocol: A Status Update , 2003, Communications and Multimedia Security.

[52]  Wesley M. Eddy,et al.  TCP SYN Flooding Attacks and Common Mitigations , 2007, RFC.

[53]  Yih-Chun Hu Efficient Security Mechanisms for Routing Protocols , 2003 .

[54]  Daniel Massey,et al.  PHAS: A Prefix Hijack Alert System , 2006, USENIX Security Symposium.

[55]  Patrick D. McDaniel,et al.  A Survey of BGP Security Issues and Solutions , 2010, Proceedings of the IEEE.

[56]  Zhuoqing Morley Mao,et al.  Practical defenses against BGP prefix hijacking , 2007, CoNEXT '07.

[57]  Stephen T. Kent,et al.  X.509 Extensions for IP Addresses and AS Identifiers , 2004, RFC.

[58]  Jennifer Rexford,et al.  Stealth Probing: Efficient Data-Plane Security for IP Routing , 2006, USENIX Annual Technical Conference, General Track.

[59]  Karen Seo,et al.  Public-key infrastructure for the Secure Border Gateway Protocol (S-BGP) , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[60]  Randall R. Stewart,et al.  Improving TCP's Robustness to Blind In-Window Attacks , 2010, RFC.

[61]  Daniel Massey,et al.  Detection of invalid routing announcement in the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[62]  Marcus D. Leech Key Management Considerations for the TCP MD5 Signature Option , 2003, RFC.

[63]  Sandra L. Murphy,et al.  BGP Security Vulnerabilities Analysis , 2006, RFC.

[64]  M. Bellare,et al.  HMAC: Keyed-Hashing for Message Authentication, RFC 2104 , 2000 .

[65]  Naganand Doraswamy,et al.  IP Security Document Roadmap , 1998, RFC.

[66]  Jon Postel,et al.  Internet Protocol , 1981, RFC.

[67]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[68]  Geoff Huston Commentary on Inter-Domain Routing in the Internet , 2001, RFC.

[69]  Daniel R. Simon,et al.  Secure traceroute to detect faulty or malicious routing , 2003, CCRV.

[70]  Christopher Krügel,et al.  Topology-Based Detection of Anomalous BGP Messages , 2003, RAID.

[71]  William Stallings Secure Hash Algorithm , 2011, Encyclopedia of Cryptography and Security.

[72]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) - Real World Performance and Deployment Issues , 2000, NDSS.

[73]  Ravishanker Chandra,et al.  BGP Route Reflection An alternative to full mesh IBGP , 1996, RFC.

[74]  Jennifer Rexford,et al.  Pretty Good BGP: Improving BGP by Cautiously Adopting Routes , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[75]  Nick Feamster,et al.  Understanding the network-level behavior of spammers , 2006, SIGCOMM 2006.

[76]  Saurabh Panjwani,et al.  Analysis of the SPV secure routing protocol: weaknesses and lessons , 2007, CCRV.

[77]  Craig Gentry,et al.  New Multiparty Signature Schemes for Network Routing Applications , 2008, TSEC.

[78]  Donald E. Eastlake,et al.  US Secure Hash Algorithms (SHA and HMAC-SHA) , 2006, RFC.

[79]  Lixin Gao,et al.  On inferring and characterizing Internet routing policies , 2003, Journal of Communications and Networks.

[80]  Patrick D. McDaniel,et al.  Origin authentication in interdomain routing , 2003, CCS '03.

[81]  Craig Gentry,et al.  Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing , 2007, CCS '07.

[82]  Joseph D. Touch,et al.  The TCP Authentication Option , 2010, RFC.

[83]  Biswanath Mukherjee,et al.  A survey of security techniques for the border gateway protocol (BGP) , 2009, IEEE Communications Surveys & Tutorials.

[84]  Randy Bush,et al.  DNS-based NLRI origin AS verification in BGP , 1998 .

[85]  Lixin Gao,et al.  Detecting bogus BGP route information: Going beyond prefix hijacking , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[86]  Yi Yang,et al.  Generic Threats to Routing Protocols , 2006, RFC.

[87]  Constantinos Dovrolis,et al.  Beware of BGP attacks , 2004, CCRV.

[88]  Geoff Huston,et al.  Scaling Inter-Domain Routing—A View Forward , 2001 .

[89]  Joan Feigenbaum,et al.  Incrementally-Deployable Security for Interdomain Routing , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[90]  S. Gorman,et al.  Least Effort Strategies for Cybersecurity , 2003, cond-mat/0306002.

[91]  Sean W. Smith,et al.  Aggregated path authentication for efficient BGP security , 2005, CCS '05.

[92]  Cheryl Madson,et al.  The Use of HMAC-MD5-96 within ESP and AH , 1998, RFC.

[93]  Daniel Massey,et al.  An analysis of BGP multiple origin AS (MOAS) conflicts , 2001, IMW '01.

[94]  Brian Weis,et al.  Automated key selection extension for the TCP Enhanced Authentication Option , 2007 .

[95]  D. Richard Kuhn,et al.  Study of BGP Peering Session Attacks and Their Impacts on Routing Performance , 2006, IEEE Journal on Selected Areas in Communications.

[96]  J.J. Garcia-Luna-Aceves,et al.  Securing the border gateway routing protocol , 1996, Proceedings of GLOBECOM'96. 1996 IEEE Global Telecommunications Conference.

[97]  David Cooper,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2008, RFC.

[98]  Enke Chen,et al.  Route Refresh Capability for BGP-4 , 2000, RFC.

[99]  John Moy,et al.  OSPF Version 2 , 1998, RFC.

[100]  Tony Tauber,et al.  BGP Security Requirements , 2008 .

[101]  Stefan Savage,et al.  Detecting and Isolating Malicious Routers , 2006, IEEE Transactions on Dependable and Secure Computing.

[102]  Sandra Murphy BGP Security Analysis , 2001 .

[103]  Ted Krovetz,et al.  UMAC: Message Authentication Code using Universal Hashing , 2006, RFC.

[104]  Lixia Zhang,et al.  Quantifying Path Exploration in the Internet , 2006, IEEE/ACM Transactions on Networking.

[105]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[106]  Radia J. Perlman,et al.  Network security - private communication in a public world , 2002, Prentice Hall series in computer networking and distributed systems.

[107]  Silvio Micali,et al.  On-line/off-line digital signatures , 1996, Journal of Cryptology.

[108]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[109]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[110]  Jennifer Rexford,et al.  Autonomous security for autonomous systems , 2008, Comput. Networks.

[111]  Jennifer Rexford,et al.  Don't Secure Routing Protocols, Secure Data Delivery , 2006, HotNets.

[112]  J. J. Garcia-Luna-Aceves,et al.  Efficient security mechanisms for the border gateway routing protocol , 1998, Comput. Commun..

[113]  Vern Paxson,et al.  Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications , 2002, SIGCOMM 2002.

[114]  Eric Rescorla,et al.  Deploying a New Hash Algorithm , 2006, NDSS.

[115]  Steven M. Bellovin Key Change Strategies for TCP-MD5 , 2007 .

[116]  Geoff Huston,et al.  BGP Wedgies , 2005, RFC.

[117]  Sean W. Smith,et al.  Evaluating the Performance Impact of PKI on BGP Security , 2005 .

[118]  Yakov Rekhter,et al.  Border Gateway Protocol 3 (BGP-3) , 1991, RFC.

[119]  Steven M. Bellovin,et al.  Standards Maturity Variance Regarding the TCP MD5 Signature Option (RFC 2385) and the BGP-4 Specification , 2006, RFC.

[120]  Patrick D. McDaniel,et al.  Working around BGP: An Incremental Approach to Improving Security and Accuracy in Interdomain Routing , 2003, NDSS.

[121]  Florent Parent,et al.  Routing Policy Specification Language next generation (RPSLng) , 2005, RFC.

[122]  Nick Feamster,et al.  Some Foundational Problems in Interdomain Routing , 2004 .

[123]  Stefan Savage,et al.  Fatih: detecting and isolating malicious routers , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[124]  Klara Nahrstedt,et al.  Identity-based registry for secure interdomain routing , 2006, ASIACCS '06.

[125]  Christian Huitema,et al.  Routing in the Internet , 1995 .

[126]  David Meyer,et al.  The Generalized TTL Security Mechanism (GTSM) , 2004, RFC.

[127]  Joseph Kee-yin Ng,et al.  Extensions to BGP to Support Secure Origin BGP , 2004 .

[128]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[129]  Daniel Massey,et al.  A framework for resilient Internet routing protocols , 2004, IEEE Network.

[130]  Steven M. Bellovin,et al.  Standards Maturity Variance Regarding the TCP MD5 Signature Option (RFC 2385) and the BGP-4 Specification , 2006, RFC.

[131]  Dave Katz,et al.  Multiprotocol Extensions for BGP-4 , 1998, RFC.

[132]  Martin Suchara,et al.  Securing BGP incrementally , 2007, CoNEXT '07.

[133]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[134]  Volker Roth,et al.  Listen and whisper: security mechanisms for BGP , 2004 .

[135]  Jon Crowcroft,et al.  Integrating security in inter-domain routing protocols , 1993, CCRV.

[136]  Andrew B. Whinston,et al.  Reengineering the internet for better security , 2007, Computer.

[137]  Dan Pei,et al.  A light-weight distributed scheme for detecting ip prefix hijacks in real-time , 2007, SIGCOMM '07.

[138]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[139]  Stephen Wilson Public key superstructure "it's PKI Jim, but not as we know it!" , 2008, IDtrust '08.

[140]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[141]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.

[142]  Geoff Huston,et al.  Measures of Self-similarity of BGP Updates and Implications for Securing BGP , 2007, PAM.

[143]  Charles L. Hedrick,et al.  Routing Information Protocol , 1988, RFC.