Securing the border gateway routing protocol

We analyze the security of the border gateway routing protocol and identify a number of vulnerabilities in its design, along with the corresponding threats. We then present a set of proposed modifications to the protocol that minimize or eliminate the most significant threats. The innovation we introduce is the protection, by digital signatures, of the second-to-last information contained in the autonomous path attributes, and the use of techniques developed for detecting loops in path-finding protocols to verify the selected route's path information. With these techniques we are able to secure full path information in near-constant space and avoid the recursive protection mechanisms previously assumed necessary.
