Accession Number:

ADA422110

Title:

Transitioning Secure Border Gateway Protocol (S-BGP) Into the Internet

Descriptive Note:

Final technical rept. Aug 2000-Jan 2004

Corporate Author:

BBN TECHNOLOGIES CAMBRIDGE MA

Report Date:

2004-03-01

Pagination or Media Count:

16.0

Abstract:

Internet routing is based on a distributed system composed of many routers grouped into management domains called Autonomous Systems (ASes). Routing information is exchanged between ASes in Border Gateway Protocol (BGP) UPDATE messages. BGP is a critical component of the Internet's routing infrastructure. However, it is highly vulnerable to a variety of attacks due to the lack of a scalable means of verifying the authenticity and authorization of BGP control traffic. Secure BGP (S-BGP) addresses these vulnerabilities. The S-BGP architecture employs three security mechanisms. First, a Public Key Infrastructure (PKI) is used to support the authentication of ownership of IP address blocks, ownership of Autonomous System (AS) numbers, and a BGP router's identity and its authorization to represent an AS. Second, a new, optional, BGP transitive path attribute is employed to carry digital signatures (route attestations) covering the routing information in a BGP UPDATE. Third, IPsec is used to provide data and partial sequence integrity, and to enable BGP routers to authenticate each other for exchanges of BGP control traffic.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE