On interdomain routing security and pretty secure BGP (psBGP)
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
The continuous functioning of the Internet has become so vital to the normal operation of today's electronic communication activities that its disruption can cause catastrophic consequences. However, it is well-known that the modern Internet is not secure; both Internet application software and the underlying Internet infrastructure (such as routing) are vulnerable to a variety of attacks. This thesis studies the vulnerabilities of Internet routing protocols and examines practical mechanisms for improving their security. Specifically, we propose to verify the factual correctness of routing updates in a vectoring routing protocol by corroborating information from multiple sources. Based on this method, two proposals, S-RIP and psBGP, are developed for respectively improving the security of Routing Information Protocol (RIP) and the Border Gateway Protocol (BGP), both of which are based on vectoring approaches and widely used on the Internet. Advantages of our proposals include: simplicity---cryptographic mechanisms used are manageable; effectiveness---they can successfully defend against threats from uncoordinated malicious parties; and incremental deployability---they can be incrementally deployed with some incremental benefits.