Secure Border Gateway Protocol and the External Routing Intrusion Detection System
Abstract
The Border Gateway Protocol (BGP), which is used to distribute routing information between autonomous systems (ASes), is a critical component of the Internet's routing infrastructure. It is highly vulnerable to a variety of malicious attacks due to the lack of a secure means of verifying the authenticity and legitimacy of BGP control traffic. The Secure BGP projects designed a secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP. This contract final report includes the following documents concerning S-BGP: Lessons Learned from the Secure BGP Proof-of-Concept Implementation; Secure Border Gateway Protocol (S-BGP); Design and Analysis of the Secure Border Gateway Protocol (S-BGP). The last two items discuss the vulnerabilities and security requirements associated with BGP, describe the S-BGP countermeasures, and explain how they address these vulnerabilities and requirements. In addition, the papers provide a comparison of this architecture with other approaches that have been proposed, analyze the performance implications of the proposed countermeasures, and address operational issues.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2000
- Accession Number
- ADA386575
Entities
People
- Luis A. Sanchez
- Stephen T. Kent
Organizations
- BBN Technologies