Aggregated path authentication for efficient BGP security

  • Authors:
  • Meiyuan Zhao;Sean W. Smith;David M. Nicol

  • Affiliations:
  • Dartmouth College, Hanover, NH;Dartmouth College, Hanover, NH;University of Illinois, Urbana, IL

  • Venue:
  • Proceedings of the 12th ACM conference on Computer and communications security
  • Year:
  • 2005

Quantified Score

Hi-index 0.00

Visualization

Abstract

The Border Gateway Protocol (BGP) controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP's real-world deployment. Previous work has explored improving S-BGP processing latencies, but space problems, such as increased message size and memory cost, remain the major obstacles. In this paper, we design aggregated path authentication schemes by combining two efficient cryptographic techniques---signature amortization and aggregate signatures. We propose six constructions for aggregated path authentication that substantially improve efficiency of S-BGP's path authentication on both speed and space criteria. Our performance evaluation shows that the new schemes achieve such an efficiency that they may overcome the space obstacles and provide a real-world practical solution for BGP security.