Organizer: CROSSING, Prof. Waidner
The Internet comprises a large number of Autonomous Systems (ASes) that establish global connectivity by sharing path information. The protocol through which these ASes communicate with each other and route traffic is the Border Gateway Protocol (BGP). BGP is the Internet's inter-domain routing protocol; it trusts BGP speakers, and the messages they share, to be valid without verifying those messages. Because of its large installed base and lack of security mechanisms, even a single malicious BGP speaker could disrupt the proper operation of the Internet.
This presentation examines the routing architecture of the Internet, in particular the design and operation of BGP, before presenting different security architectures that enhance the security of BGP. More specifically, Secure BGP (S-BGP), Signed Origin BGP (soBGP), Pretty Secure BGP (psBGP), Interdomain Route Validation (IRV), pgBGP, and TCP MD5 are reviewed. S-BGP uses public-key cryptography: each BGP speaker signs a message before forwarding it to its peers. This increases the computational overhead at BGP speakers because a large number of signatures must be verified. Signed Origin BGP (soBGP) is an effort to reduce the computation at each BGP speaker. In this approach, the authors propose that the connectivity among ASes is stored and consulted each time a packet is received. The drawback of this approach is that the topology needs to be updated and synchronized among all BGP speakers. Other proposals query a server for the validity of the information; solutions based on this approach include IRV and DNS-based systems. However, these approaches require a functional network in order to query the DNS or IRV server. To date, no proposal has been seen to provide adequate security, low performance overhead, and incremental deployment. A modified version of public key infrastructure, the Resource Public Key Infrastructure (RPKI), is being deployed; it provides certificates and a mechanism to verify these certificates. RPKI can be used for prefix origin verification and route validation.
There are other proposals for securing BGP with cryptographically protected infrastructures, such as using DNSSEC to represent route origination information in the reverse DNS, but these are still in the experimental and research stage. Since the number of update messages is huge, the cost of cryptographic computation must be low; otherwise, enough invalid messages could lead to a denial-of-service attack. Efforts are therefore required to reduce the computational overhead so that these cryptography-based solutions can be standardized.