Enhancing the trust of internet routing with lightweight route attestation

  • Authors: Qi Li; Mingwei Xu; Jianping Wu; Xinwen Zhang; Patrick P. C. Lee; Ke Xu
  • Affiliations: Tsinghua University; Tsinghua University; Tsinghua University; Huawei America Research Center; The Chinese University of Hong Kong; Tsinghua University
  • Venue: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
  • Year: 2011

Abstract

The weak trust model in Border Gateway Protocol (BGP) introduces severe vulnerabilities for Internet routing, including active malicious attacks and unintended misconfigurations. Although various secure BGP solutions have been proposed, they share similar weaknesses such as high complexity of security enforcement and incapability of data-plane attack prevention. We propose TBGP, a trusted BGP scheme aiming to achieve high authenticity of Internet routing with a simple and lightweight attestation mechanism. TBGP introduces a set of route update and withdrawal rules that, if correctly enforced by each router, can guarantee the authenticity and integrity of route information that is announced to other routers in the Internet. Through this, TBGP builds a transitive trust relationship among all routers on a routing path. We implement a prototype of TBGP to investigate its practicality. In our implementation, we use identity-based signature (IBS) and trusted computing (TC) techniques to further reduce the complexity of security operations. The performance study shows that TBGP can achieve significantly better convergence performance and lower computation overhead than existing secure BGP solutions.