A Survey of BGP Security Issues and Solutions
Kevin R. B. Butler,T.R. Farley,Patrick McDaniel,Jennifer Rexford +3 more
- 01 Jan 2010
- Vol. 98, Iss: 1, pp 100-122
TL;DR: This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security, exploring the limitations and advantages of proposed security extensions to B GP, and explaining why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
read more
Abstract: As the Internet's de facto interdomain routing protocol, the Border Gateway Protocol (BGP) is the glue that holds the disparate parts of the Internet together. A major limitation of BGP is its failure to adequately address security. Recent high-profile outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing interdomain routing. This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security. We explore the limitations and advantages of proposed security extensions to BGP, and explain why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Using a Variation of Elgamal Signature to Support Fast and Lazy Authenticating Origin Autonomous Systems
TL;DR: This work is the first work for authenticating origin autonomous systems by using ELGamal signature to achieve a fast scheme that can authenticate address attestations and related public keys only using the information of update messages.
1
Detection of Internet‐wide traffic redirection attacks using machine learning techniques
Ana Catarina Bispo Subtil,M. Rosário Oliveira,Rui Valadas,Paulo Salvador,António Pacheco +4 more
- 27 May 2023
TL;DR: In this paper , the use of machine learning techniques (both unsupervised and supervised) leveraging from a distributed monitoring infrastructure of probes that measure the round trip time to Internet sites under surveillance is addressed.
1
Internet access denial by higher-tier ISPS: A NAT-based solution
Abdulaziz Al-Baiz,Marwan H. Abu-Amara,Ashraf S. Hasan Mahmoud,Mohammed H. Sqalli,Farag Azzedin +4 more
- 08 May 2011
TL;DR: Network Address Translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity, and the proposed solution is scalable to fit large networks, by using pools of IP addresses across several NAT routers.
1
BGP Decision Making Process and Open Problem Analysis
Kang-Won Lee,Young-Marn Ham +1 more
TL;DR: First, BGP is critically reviewed focusing on the BGP policy and decision making process, and then the problems which still remain as open questions are investigated in the areas of 1) protocol stability, 2) traffic engineering and 3) quality of service.
1
A scalable NAT‐based solution to Internet access denial by higher‐tier ISPs
Marwan H. Abu-Amara,Abdulaziz Al-Baiz,Ashraf S. Hasan Mahmoud,Mohammed H. Sqalli,Farag Azzedin +4 more
TL;DR: Network address translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity and is scalable to fit large networks, by using pools of IP addresses across several NAT routers.
1
References
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
A Method for Obtaining Digital Signatures and Public Key Cryptosystems (Formerly on Digital Signatures and Public Key Cryptosystems)
Ronald L. Rivest,Adi Shamir,Len Adelman +2 more
- 01 Jan 1977
TL;DR: In this paper, a message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q.
8.2K
On the self-similar nature of Ethernet traffic (extended version)
TL;DR: It is demonstrated that Ethernet LAN traffic is statistically self-similar, that none of the commonly used traffic models is able to capture this fractal-like behavior, and that such behavior has serious implications for the design, control, and analysis of high-speed, cell-based networks.
Short Signatures from the Weil Pairing
Dan Boneh,Ben Lynn,Hovav Shacham +2 more
- 09 Dec 2001
TL;DR: A short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves is introduced, designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
Related Papers (5)
Hitesh Ballani,Paul Francis,Xinyang Zhang +2 more
- 27 Aug 2007
Yih-Chun Hu,Adrian Perrig,Marvin A. Sirbu +2 more
- 30 Aug 2004
Matt Lepinski,Stephen Kent +1 more
- 01 Feb 2012
Ola Nordstrom,Constantinos Dovrolis +1 more
- 01 Apr 2004