Simple forward-secure signatures from any signature scheme
Proceedings of the 7th ACM conference on Computer and communications security
Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
The BiBa one-time signature and broadcast authentication protocol
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
ACM SIGCOMM Computer Communication Review
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Towards provable security for ad hoc routing protocols
Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks
Aggregated path authentication for efficient BGP security
Proceedings of the 12th ACM conference on Computer and communications security
Modeling adoptability of secure BGP protocol
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Forward-security in private-key cryptography
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
We analyze a secure routing protocol, Secure Path Vector (SPV), proposed in SIGCOMM 2004. SPV aims to provide authenticity for route announcements in the Border Gateway Protocol (BGP) using an efficient alternative to ordinary digital signatures, called constant-time signatures. Today, SPV is often considered the best cryptographic defense for BGP. We find subtle flaws in the design of SPV which lead to attacks that can be mounted by 60% of Autonomous Systems in the Internet. In addition, we study several of SPV's design decisions and assumptions and highlight the requirements for security of routing protocols. In light of our analysis, we reexamine the need for constant-time signatures and find that certain standard digital signature schemes can provide the same level of efficiency for route authenticity.