A Survey of BGP Security Issues and Solutions
Kevin R. B. Butler,T.R. Farley,Patrick McDaniel,Jennifer Rexford +3 more
- 01 Jan 2010
- Vol. 98, Iss: 1, pp 100-122
TL;DR: This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security, exploring the limitations and advantages of proposed security extensions to B GP, and explaining why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
read more
Abstract: As the Internet's de facto interdomain routing protocol, the Border Gateway Protocol (BGP) is the glue that holds the disparate parts of the Internet together. A major limitation of BGP is its failure to adequately address security. Recent high-profile outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing interdomain routing. This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security. We explore the limitations and advantages of proposed security extensions to BGP, and explain why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
•Dissertation
Improving the accuracy of the Internet cartography
Vasileios Giotsas
- 28 Nov 2014
TL;DR: A new relationship inference algorithm is proposed to accurately capture both simple and complex AS relationships across two dimensions: prefix type, and geographic location to create a new type of semantically rich Internet map and improve the state of the art in Internet cartography.
BGP protocol anti-routing shake performance analysis and simulation
Li Huang
- 01 Oct 2015
TL;DR: Focus on the typical BGP shock attack algorithm as the reference sample, studied the improved method of attack, and analyzed the performance of the BGP protocol by the experimental simulation.
Open-Source Solution for Identification and Blocking of Anomalous BGP-4 Routing Information
01 Jan 2023
TL;DR: In this article , the authors proposed a solution that performs the analysis of the propagated BGP routing information and detects the anomalous route prefixes using the public information from the routing databases about routing policies and connectivity of all ASes on the Internet.
A Security Mechanism for Detecting Nonfeasance on Inter-domain Routing Forwarding
Chen Zhao,Hanbing Yan,Wang Tang +2 more
- 01 Jan 2016
TL;DR: Based on AS relationships between two-hop distance neighbors, a security mechanism called TwoReply is designed for detecting nonfeasance through introducing feedback approach into the process of BGP route announcements and offers an efficient penalty algorithm to select secure path.
Accurate Real-time Identification of IP Prefix Hijacking
TL;DR: Novel ways to significantly improve the detection accuracy are proposed by combining analysis of passively collected BGP routing updates with data plane fingerprints of suspicious prefixes to disambiguate suspect IP hijacking incidences based on routing anomaly detection.
References
New Directions in Cryptography
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
A method for obtaining digital signatures and public-key cryptosystems
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
A Method for Obtaining Digital Signatures and Public Key Cryptosystems (Formerly on Digital Signatures and Public Key Cryptosystems)
Ronald L. Rivest,Adi Shamir,Len Adelman +2 more
- 01 Jan 1977
TL;DR: In this paper, a message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q.
8.2K
On the self-similar nature of Ethernet traffic (extended version)
TL;DR: It is demonstrated that Ethernet LAN traffic is statistically self-similar, that none of the commonly used traffic models is able to capture this fractal-like behavior, and that such behavior has serious implications for the design, control, and analysis of high-speed, cell-based networks.
Short Signatures from the Weil Pairing
Dan Boneh,Ben Lynn,Hovav Shacham +2 more
- 09 Dec 2001
TL;DR: A short signature scheme based on the Computational Diffie-Hellman assumption on certain elliptic and hyperelliptic curves is introduced, designed for systems where signatures are typed in by a human or signatures are sent over a low-bandwidth channel.
Related Papers (5)
Hitesh Ballani,Paul Francis,Xinyang Zhang +2 more
- 27 Aug 2007
Yih-Chun Hu,Adrian Perrig,Marvin A. Sirbu +2 more
- 30 Aug 2004
Matt Lepinski,Stephen Kent +1 more
- 01 Feb 2012
Ola Nordstrom,Constantinos Dovrolis +1 more
- 01 Apr 2004