Transitioning Secure Border Gateway Protocol (S-BGP) Into the Internet

Abstract

Internet routing is based on a distributed system composed of many routers grouped into management domains called Autonomous Systems (ASes). Routing information is exchanged between ASes in Border Gateway Protocol (BGP) UPDATE messages. BGP is a critical component of the Internet's routing infrastructure. However, it is highly vulnerable to a variety of attacks due to the lack of a scalable means of verifying the authenticity and authorization of BGP control traffic. Secure BGP (S-BGP) addresses these vulnerabilities. The S-BGP architecture employs three security mechanisms. First, a Public Key Infrastructure (PKI) is used to support the authentication of ownership of IP address blocks, ownership of Autonomous System (AS) numbers, and a BGP router's identity and its authorization to represent an AS. Second, a new, optional, BGP transitive path attribute is employed to carry digital signatures ("route attestations") covering the routing information in a BGP UPDATE. Third, IPsec is used to provide data and partial sequence integrity, and to enable BGP routers to authenticate each other for exchanges of BGP control traffic.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2004
Accession Number
ADA422110

Entities

People

  • Charles W. Lynn
  • Karen S. Seo
  • Stephen T. Kent

Organizations

  • BBN Technologies

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Autonomous Systems
  • Computer Networks
  • Computer Programs
  • Computers
  • Computing System Architectures
  • Engineering
  • Infrastructure
  • Internet
  • Network Protocols
  • Networks
  • Operating Systems
  • Reliability
  • Routing Protocols
  • Security
  • Vulnerability
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Economics

Technology Areas

  • Autonomy
  • Autonomy - Autonomous System Control
  • Cyber