On interdomain routing security and pretty secure BGP (psBGP)

ACM Transactions on Information and System Security

Volumn 10, Issue 3, 2007, Pages

  Van Oorschot, P C ^a   Wan, Tao ^a   Kranakis, Evangelos ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

Authentication; BGP; Certificates; Interdomain routing; Public key infrastructure; Secure routing protocols; Trust

Indexed keywords

CERTIFICATES; INTERDOMAIN ROUTING; PUBLIC-KEY INFRASTRUCTURE; SECURE ROUTING PROTOCOLS;

AUTHENTICATION; COMPUTER CRIME; MATHEMATICAL MODELS; NETWORK ARCHITECTURE;

ROUTING PROTOCOLS;

EID: 34547504417     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1266977.1266980     Document Type: Article

References (58)

1. ADAMS, C. AND LLOYD, S. 2003. Understanding Public-Key Infrastructure, 2nd Ed. Addison-Wesley, Reading, MA.
2. AIELLO, W., IOANNIDIS, J., AND MCDANIEL, P. 2003. Origin authentication in interdomain routing. In Proceedings of the 10th ACM Conference on Computer and Communications Security. Washington, D.C., 165-178.
3. BARBIR, A., MURPHY, S., AND YANG, Y. 2004. Generic threats to routing protocols. Internet Draft.
4. BELLOVIN, S. 1989. Security problems in the TCP/IP protocol suite. Computer Communications Review. 19, 32-48.
5. BELLOVIN, S. 2004. A look back at "security problems in the TCP/IP protocol suite". In The 20th Annual Computer Security Applications Conference (ACSAC04). Tucson, Arizona.
6. BELLOVIN, S. AND GANSNER, E. 2003. Using link cuts to attack internet routing. Unpublished manuscript.
7. BELLOVIN, S., IOANNIDIS, J., AND BUSH, R. 2005. Position paper: Operational requirements for secured BGP. In DHS Secure Routing Workshop.
8. BONEH, D., BOYEN, X., AND SHACHAM, H. 2004. Short group signatures. In Proceedings of Crypto 2004. Vol. 3152. 41-55.
9. BURROWS, M., ABADI, M., AND NEEDHAM, R. 1990. A logic of authentication. In Research Report 39. Digital Systems Research Center of Digital Equipment Corporation, Palo Alto, CA, 8, 1(Feb.), 18-36.
10. DEMPSTER, A. 1967. Upper and lower probabilities induced by a multivalued mapping. The Annals of Statistics 28, 325-339.
11. DHS. 2005. DHS secure routing workshop. Department of Homeland Security, Washington, D.C.
12. GAARDER, K. AND SNEKKENES, E. 1991. Applying a formal analysis technique to the CCIT X.509 strong two-way authentication protocol. Journal of Cryptology 3, 81-98.
13. GAO, L. 2000. Inferring autonomous system relationships in the Internet. In IEEE Global Internet.
14. GLIGOR, V., KAILAR, R., STUBBLEBINE, S., AND GONG, L. 1991. Logics for cryptographic protocolsvirtues and limitations. In Proceedings of the Computer Security Foundations Workshop IV. Los Alamitos, CA. 219-226.
15. GOODELL, G., AIELLO, W., GRIFFIN, T., IOANNIDIS, J., MCDANIEL, P., AND RUBIN, A. 2003. Working around BGP: An incremental approach to improving security and accuracy of interdomain routing. In Proceedings of the 2003 ISOCSymposium on Network and Distributed Systems Security (NDSS'03). San Diego, CA. 75-85.
16. GUIDA, R., STAHL, R., BUNT, T., SECREST, G., AND MOORCONES, J. 2004. Deploying and using public key technology: Lessons learned in real life. IEEE Security and Privacy (July/Aug.). 67-71.
17. HEDRICK, C 1988. Routing information protocol. IETF RFC 1058.
18. HEFFERNAN, A. 1998. Protection of BGP sessions via the TCP MD5 signature option. IETF RFC 2385.
19. HOUSLEY, R., FORD, W., POLK, W., AND SOLO, D. 1999. Internet X.509 public key infrastructure-certificate and CRL profile. IETF RFC 2459.
20. HU, Y., PERRIG, A., AND SIRBU, M. 2004. SPV: Secure path vector routing for securing BGP. In Proceedings of ACM 2004 SIGCOMM. Portland, OR.
21. IRR. 2005. Internet routing registry, http://www.irr.net.
22. JUST, M., KRANAKIS, E., AND WAN, T. 2003. Resisting malicious packet dropping in wireless ad hoc networks. In Proceedings of the 2nd Annual Conference on Adhoc Networks and Wireless (ADHOCNOW'03).
23. KAUFMAN, C. 2005. The internet key exchange (IKEv2) protocol. IETF RFC 4306.
24. KENT, S. 2003. Securing the border gateway protocol: A status update. In Seventh IFIP TC-6 TC-11 Conference on Communications and Multimedia Security.
25. KENT, S. 2005. IP encapsulating security payload (ESP). IETF RFC 4303.
26. KENT, S. 2006. An infrastructure supporting secure internet routing. In Third European PKI Workshop.
27. KENT, S. AND ATKINSON, P. 1998a. Security architecture for the Internet protocol. IETF RFC 2401.
28. KENT, S. AND ATKINSON, P. 1998b. IP encapsulating security payload (ESP). IETF RFC 2406.
29. KENT, S., LYNN, C., MIKKELSON, J., AND SEO, K. 2000. Secure border gateway protocol (S-BGP) real world performance and deployment issues. In Proceedings of the 2000 ISOC Symposium on Network and Distributed Systems Security (NDSS'00).
30. KENT, S., LYNN, C., AND SEO, K. 2000. Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18, 4 (Apr.), 582-592.
31. KOBLITZ, N. AND MENEZES, A. 2004. Another look at "provable security." Cryptology ePrint Archive, Report 2004/152. To Appear in Journal of Cryptology. http://eprint.iacr.org/2004/152/.
32. KRUEGEL, C., MUTZ, D., ROBERTSON, W., AND VALEUR, F. 2003. Topology-based detection of anomalous BGP messages. In Proceedings of the 6th Symposium on Recent Advances in Intrusion Detection (RAID'03).
33. KUMAR, B. AND CROWCROFT, J. 1993. Integrating security in interdomain routing protocols. ACM SIGCOMM Computer Communication Review 23, 5 (Oct.), 36-51.
34. LYNN, C., KENT, S., AND SEO, K. 2003. X.509 Extensions for IP Addresses and AS Identifiers. draft-ietf-pkix-x509- ipaddr-as-extn-02.txt.
35. MA, C., HU, N., AND LI, Y. 2006. On the release of CRLs in public key infrastructure. In Proceeding of 15th USENIX Security Symposium.
36. MAURER, U. 1996. Modelling a public-key infrastructure. In Proceedings of the 4th European Symposium on Research in Computer Security (ESORICS'96). 324-350.
37. MURPHYS. 2002a. BGP Security Vulnerabilities Analysis. draft-murphy-bgp-vuln-00.txt.
38. MURPHYS. 2002b. BGP Security Protections, draft-murphy-bgp- protect-00.txt.
39. NICOL, D., SMITH, S., AND ZHAO, M. 2004. Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Pratice and Theory Journal, Special Issue on Modeling, 187-216.
40. PERLMAN, R. 1988. Network layer protocols with byzantine robustness. Tech. Rep. MIT/LCS/TR-429.
41. REITER, M. AND STUBBLEBINE, S. 1997. Toward acceptable metrics of authentication. In Proceedings of 1997 IEEE Symposium on Security and Privacy. 10-20.
42. REKHTER, Y. AND LI, T. 1995. Aborder gateway protocol 4(BGP 4). IETF RFC 1771.
43. RETANA, A. AND WHITE, R. 2002. BGP Custom decision process, draft-retana-bgp-custom-decision-00.txt.
44. ROUTEVIEWS. 2005. Route views project, http://www.routeviews. org.
45. SEO, K., LYNN, C., AND KENT, S. 2001. Public-key infrastructure for the secure border gateway protocol (S-BGP). In IEEE DARPA Information Survivability Conference and Exposition II.
46. SHAFER, G. 1976. A Mathematical Theory of Evidence. Princeton University Press, Princeton, NJ.
47. SUBRAMANIAN, L., ROTH, V., STOICA, I., SHENKER, S., AND KATZ, R. 2004. Listen and whisper: Security mechanisms for BGP. In Proceedings of the First Symposium on Networked Systems Design and Implementation (NSDI'04), San Francisco, CA.
48. VILLAMIZAR, C., ALAETTINOGLU, C., MEYER, D., AND MURPHY, S. 1999. Routing policy system security. IETF RFC 2725.
49. WAN, T. 2006. Securing routing protocols through information corroboration. Ph.D. thesis, Carleton University, Ottawa, Canada.
50. WAN, T., KRANAKIS, E., AND VAN OORSCHOT, P. 2004. S-RIP: A secure distance vector routing protocol. In Proceedings of the Applied Cryptography and Network Security (ACNS'04). Vol. 3089. 103-119.
51. WAN, T., KRANAKIS, E., AND VAN OORSCHOT, P. 2005. Pretty secure BGP (psBGP). In Proceedings of the 2005 ISOC Symposium on Network and Distributed Systems Security (NDSS'05). San Diego, CA.
52. WAN, T., VAN OORSCHOT, P., AND KRANAKIS, E. 2007. A selective introduction to border gateway protocol (BGP) security issues. In Proceedings of the NATO Advanced Studies Institute on Network Security and Intrusion Detection. Nork, Yerevan, Armenia. IOS Press (to appear, 2007).
53. WHITE, R. 2003. Securing BGP through secure origin BGP. The Internet Protocol Journal 6, 3, 15-22.
54. WHITE, R., MCPHERSON, D., AND SANGLI, S. 2004. Practical BGP. Addison-Wesley, Reading, MA.
55. ZHAO, M., SMITH, S., AND NICOL, D. 2005a. Aggregated path authentciation for efficient BGP security. In Proceedings of 12th ACM Conference on Computer and Communications Security. Alexandria, VA.
56. ZHAO, M., SMITH, S., AND NICOL, D. 2005b. Evaluating the performance impact of PKI on BGP security. In Proceedings of 4th Annual PKI Research Workshop (PKI'05). Gaithersburg, MD.
57. ZIMMERMANN, P. 1995. The Official PGP User's Guide (second printing). MIT Press, Cambridge, MA.
58. ZSAKO, J. 1999. PGP authentication for RIPEdatabase updates. IETF RFC 2726.