Title :
Secure Border Gateway Protocol (S-BGP)
Author :
Kent, Stephen ; Lynn, Charles ; Seo, Karen
Author_Institution :
BBN Technol., Cambridge, MA, USA
fDate :
4/1/2000 12:00:00 AM
Abstract :
The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems (ASes), is a critical component of the Internet´s routing infrastructure. It is highly vulnerable to a variety of malicious attacks, due to the lack of a secure means of verifying the authenticity and legitimacy of BGP control traffic. This paper describes a secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP. The paper discusses the vulnerabilities and security requirements associated with BGP, describes the S-BGP countermeasures, and explains how they address these vulnerabilities and requirements. In addition, this paper provides a comparison of this architecture to other approaches that have been proposed, analyzes the performance implications of the proposed countermeasures, and addresses operational issues.
Keywords :
Internet; message authentication; protocols; public key cryptography; security of data; telecommunication network routing; telecommunication traffic; BGP control traffic; Internet routing infrastructure; S-BGP; S-BGP countermeasures; authentication system; authenticity verification; authorization system; autonomous systems; deployable architecture; legitimacy verification; malicious attacks; operational issues; performance; public key cryptography; routing information distribution; scalable architecture; secure Border Gateway Protocol; secure architecture; security problems; security requirements; vulnerabilities; Authentication; Authorization; Cryptographic protocols; Digital signatures; Information security; Internet; Performance analysis; Public key cryptography; Routing protocols; Traffic control;
Journal_Title :
Selected Areas in Communications, IEEE Journal on
