Abstract
The Border Gateway Protocol (BGP) [1] is the foundation of inter-domain Internet routing. A number of papers have described how BGP is highly vulnerable to a wide range of attacks [2, 3], and several proposals have been offered to secure BGP [4, 5, 6, 7, 8]. Most of these proposed mechanisms rely on a PKI, to provide trusted inputs for routing security mechanisms, to enable BGP routers to reject bogus routing advertisements. This paper provides a detailed proposal for a PKI, including a repository system, representing IP address allocation and Autonomous System number assignment,. This infrastructure offers a near term opportunity to improve routing security, since it does not require changes to routers, while also setting the stage for more comprehensive BGP security initiatives in the future.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Rekhter, Y., Li, T.: A Border Gateway Protocol 4 (BGP-4), RFC 4271 (2006)
Murphy, S.: BGP Security Vulnerabilities Analysis. RFC 4272 (2006)
Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18(4), 582–592 (2000)
Goodell, G., Aiello, W., Griffin, T., Ioannidis, J., McDaniel, P., Rubin, A.: Working Around BGP: An Incremental Approach to Improving Security and Accuracy for Interdomain Routing. In: Network and Distributed System Security Symposium, pp. 75–85 (2003)
Hu, Y.-C., Perrig, A., Johnson, D.: Efficient Security Mechanisms for Routing Protocols. In: Network and Distributed System Security Symposium, pp. 57–73 (2003)
Wan, T., Kranakis, E., van Oorschot, P.C.: Pretty Secure BGP (psBGP). In: Network and Distributed System Security Symposium (2005)
Kent, S.: Securing BGP: S-BGP. The Internet Protocol Journal 6(3), 2–14 (2003)
White, R.: Securing BGP: soBGP. The Internet Protocol Journal 6(3), 15–22 (2003)
Seo, K., Lynn, C., Kent, S.: Public-Key Infrastructure for the Secure Border Gateway Protocol (S-BGP). In: DARPA Information Survivability Conference and Exposition (2001)
Recommendation for Key Management - Part 1: General, NIST Special Publication, 800-857 (2005)
Arkko, J., et al.: SEcure Neighbor Discovery (SEND). RFC 3971 (2005)
Chokhani, S., Ford, W., Sabett, R., Merrill, C., Wu, S.: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, RFC 3647 (2003)
Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure – Certificate and Certificate Revocation List (CRL) Profile, RFC 3280 (2002)
Lynn, C., Kent, S., Seo, K.: X.509 Extensions for IP Addresses and AS Identifiers, RFC 3779 (2004)
FIPS Federal Information Processing Standards Publication 140-2 (FIPS PUB 140-2), Security Requirements for Cryptographic Modules, Information Technology Laboratory, National Institute of Standards and Technology (2001)
Hodges, J., Morgan, R.: Lightweight Directory Access Protocol (v3): Technical Specification. RFC 3377 (2002)
Zhao, M., Smith, S., Nicol, D.: The Performance Impact of BGP Security. IEEE Network 19(5), 42–48 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kent, S. (2006). An Infrastructure Supporting Secure Internet Routing. In: Atzeni, A.S., Lioy, A. (eds) Public Key Infrastructure. EuroPKI 2006. Lecture Notes in Computer Science, vol 4043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11774716_10
Download citation
DOI: https://doi.org/10.1007/11774716_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35151-1
Online ISBN: 978-3-540-35152-8
eBook Packages: Computer ScienceComputer Science (R0)