Secure Border Gateway Protocol and the External Routing Intrusion Detection System

Kent, Stephen T.; Sanchez, Luis A.

Secure Border Gateway Protocol and the External Routing Intrusion Detection System

Active / Technical Report | Accession Number: ADA386575 |

Open PDF

Abstract:

The Border Gateway Protocol BGP, which is used to distribute routing information between autonomous systems ASes, is a critical component of the Internets routing infrastructure. It is highly vulnerable to a variety of malicious attacks due to the lack of a secure means of verifying the authenticity and legitimacy of BGP control traffic. The Secure BGP projects designed a secure, scalable, deployable architecture S-BGP for an authorization and authentication system that addresses most of the security problems associated with BGP. This contract final report includes the following documents concerning S-BGP Lessons Learned from the Secure BGP Proof-of-Concept Implementation Secure Border Gateway Protocol S-BGP Design and Analysis of the Secure Border Gateway Protocol S-BGP. The last two items discuss the vulnerabilities and security requirements associated with BGP, describe the S-BGP countermeasures, and explain how they address these vulnerabilities and requirements. In addition, the papers provide a comparison of this architecture with other approaches that have been proposed, analyze the performance implications of the proposed countermeasures, and address operational issues.

Author(s):

Kent, Stephen T. ; Sanchez, Luis A.

Author Organization(s):

BBN TECHNOLOGIES CAMBRIDGE MA

Descriptive Note:

Final technical rept. Jun 1998-Dec 1999

Pagination:

0092

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

AFRL-IF-RS-TR-2000-140

Contract/Grant Number(s):

F30602-92-C-0242, DARPA ORDER-G403

Task Number(s):

00

Project Number(s):

G403

Monitor Series:

TR-2000-140, AFRL-IF-RS

Subject Terms

Joint Capability Areas:

JCA_6.1.3_Switching and Routing; JCA_6_Net Centric; JCA_6.1.2_Wireless Transmission; JCA_6.1_Information Transport; JCA_5_Command and Control; JCA_4.6_Engineering; JCA_4.6.1_General Engineering; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_6.4.3_Respond to Attack Event; JCA_8_Building Partnerships; JCA_6.4.1_Secure Information Exchange; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_5.3_Planning; JCA_7_Protection; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_5.3.2_Apply Situational Understanding

Modernization Areas:

Cyber; Microelectronics; Autonomy

Communities of Interest:

Cyber

Descriptor(s):

*COMPUTER GATEWAYS, *ELECTRONIC SECURITY, *COMMUNICATIONS PROTOCOLS, LESSONS LEARNED, CRYPTOGRAPHY, ROUTING, DIGITAL COMMUNICATIONS, INTERNET, INTRUSION DETECTION

Field(s)/Group(s):

Computer Systems, Computer Systems Management and Standards

Keyword(s):

BGP(BORDER GATEWAY PROTOCOL), PKI(PUBLIC KEY INFRASTRUCTURE), ERIDS(EXTERNAL ROUTING INTRUSION DETECTION SYSTEM), PE62301E, WUAFRLG4030001

Report Date:

2000 Sep 01

Creation Date:

2001 Feb 28