Stable Internet routing without global coordination
Proceedings of the 2000 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Authenticated encryption in SSH: provably fixing the SSH binary packet protocol
Proceedings of the 9th ACM conference on Computer and communications security
Understanding BGP misconfiguration
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Origin authentication in interdomain routing
Proceedings of the 10th ACM conference on Computer and communications security
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Aggregated path authentication for efficient BGP security
Proceedings of the 12th ACM conference on Computer and communications security
Modeling adoptability of secure BGP protocols
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Optimizing BGP security by exploiting path stability
Proceedings of the 13th ACM conference on Computer and communications security
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Extended Abstract: Provable-Security Analysis of Authenticated Encryption in Kerberos
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A study of prefix hijacking and interception in the internet
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Path-quality monitoring in the presence of adversaries
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Rationality and traffic attraction: incentives for honest path announcements in bgp
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Accountable internet protocol (aip)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Cyclops: the AS-level connectivity observatory
ACM SIGCOMM Computer Communication Review
A closer look at PKI: security and efficiency
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Protocols and lower bounds for failure localization in the internet
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
How secure are secure interdomain routing protocols
Proceedings of the ACM SIGCOMM 2010 conference
Let the market drive deployment: a strategy for transitioning to BGP security
Proceedings of the ACM SIGCOMM 2011 conference
Cryptographically sound security proofs for basic and public-key kerberos
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Plaintext-Dependent decryption: a formal security treatment of SSH-CTR
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
BGP security in partial deployment: is the juice worth the squeeze?
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
| Hi-index | 0.00 |
This paper provides the provable-security treatment of path vector routing protocols. We first design a security definition for routing path vector protocols by studying, generalizing, and formalizing numerous known threats. Our model incorporates three major security goals. It is quite strong, yet simple to use. We prove by reduction that S-BGP satisfies two out of the security model's three goals, assuming the underlying signature scheme is secure. Under the same assumption, we next show how the protocol can be modified to meet all three security goals simultaneously. Finally, we study security of partial PKI deployment of path vector protocols when not all nodes have public keys. We investigate the possibilities of relaxing the PKI requirement and relying on the non-cryptographic physical security of the protocol in order to achieve possibly weaker, but still well-defined, notions of security. We also present the necessary and sufficient conditions to achieve full security in the partial PKI deployment scenario. We believe our conclusions will prove useful for protocol developers, standards bodies and government agencies.