A Secure Inter-Domain Routing Protocol

The paper proposes a new secure inter-domain routing protocol, which is called identity-based inter-domain routing (id2r). id2r consists of an origin AS verification mechanism AT (assignment track) and an AS PATH verification mechanism IBAPV (identity-based aggregate path verification). The basic idea of AT is that all ASes must provide the assignment track and attestations of prefixes their originated, and for a prefix, the AS which provides the longest valid assignment track is its legitimate origin AS. With identity-based aggregate signature scheme, IBAPV adopts a single route aggregate attestation to guarantee the authenticity of AS PATH attribute in an update message. It is analyzed that id2r is secure against prefix hijacking and AS PATH forgery attacks. Our performance evaluation results indicate that based on the RouteViews data on December 7, 2007, anid2r router only consumes 1.71Mbytes additional memory,which is 38% of a S-BGP router; id2r has shorter update message than S-BGP; convergence time of id2r with hardware implementation of cryptographic algorithm is acceptable, as a tradeoff.