Stable internet routing without global coordination
IEEE/ACM Transactions on Networking (TON)
Understanding BGP misconfiguration
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Origin authentication in interdomain routing
Proceedings of the 10th ACM conference on Computer and communications security
On inferring and characterizing internet routing policies
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Quantifying path exploration in the internet
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Optimizing BGP security by exploiting path stability
Proceedings of the 13th ACM conference on Computer and communications security
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Accurate Real-time Identification of IP Prefix Hijacking
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
On interdomain routing security and pretty secure BGP (psBGP)
ACM Transactions on Information and System Security (TISSEC)
PHAS: a prefix hijack alert system
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Ispy: detecting ip prefix hijacking on my own
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Cyclops: the AS-level connectivity observatory
ACM SIGCOMM Computer Communication Review
Symmetric Key Approaches to Securing BGP --- A Little Bit Trust Is Enough
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
NetReview: detecting when interdomain routing goes wrong
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
Proceedings of the 5th international conference on Emerging networking experiments and technologies
Safeguarding data delivery by decoupling path propagation and adoption
INFOCOM'10 Proceedings of the 29th conference on Information communications
How secure are secure interdomain routing protocols
Proceedings of the ACM SIGCOMM 2010 conference
Putting BGP on the right path: a case for next-hop routing
Hotnets-IX Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks
MobilityFirst future internet architecture project
AINTEC '11 Proceedings of the 7th Asian Internet Engineering Conference
Inter-AS Inbound Traffic Engineering via ASPP
IEEE Transactions on Network and Service Management
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Toward internet-wide multipath routing
IEEE Network: The Magazine of Global Internetworking
The security appliance to BIRD software router
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
Hi-index | 0.00 |
The de facto inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system. However, the system may also be devastated by forged BGP routes that are generated by malicious attacks or mis-configurations. This security problem has attracted considerable attention, and although several solutions has been proposed, none of them have been widely deployed due to weaknesses such as high computational cost or potential security vulnerability. This paper proposes Fast Secure BGP (FS-BGP), an efficient mechanism that can secure AS-paths and prevent prefix hijacking by signing critical AS-path segments. We prove that FS-BGP achieves a similar level of security as S-BGP, but with much higher efficiency. Compared with S-BGP, the cost of signing and verification in FS-BGP can be reduced by orders of magnitude, as demonstrated in our experiments using BGP UPDATE data collected from real backbone routers. Indeed, the signing and verification can be accomplished as fast as the most bursty BGP UPDATE arrivals, which implies that FS-BGP will hardly delay the propagation of routing information.