Transitioning Secure Border Gateway Protocol (S-BGP) Into the Internet
Final technical rept. Aug 2000-Jan 2004
BBN TECHNOLOGIES CAMBRIDGE MA
Internet routing is based on a distributed system composed of many routers grouped into management domains called Autonomous Systems (ASes). Routing information is exchanged between ASes in Border Gateway Protocol (BGP) UPDATE messages. BGP is a critical component of the Internet's routing infrastructure. However, it is highly vulnerable to a variety of attacks due to the lack of a scalable means of verifying the authenticity and authorization of BGP control traffic. Secure BGP (S-BGP) addresses these vulnerabilities. The S-BGP architecture employs three security mechanisms. First, a Public Key Infrastructure (PKI) is used to support the authentication of ownership of IP address blocks, ownership of Autonomous System (AS) numbers, and a BGP router's identity and its authorization to represent an AS. Second, a new, optional, BGP transitive path attribute is employed to carry digital signatures (route attestations) covering the routing information in a BGP UPDATE. Third, IPsec is used to provide data and partial sequence integrity, and to enable BGP routers to authenticate each other for exchanges of BGP control traffic.
- Computer Systems Management and Standards