TR-05-08: On Inter-domain Routing Security and Pretty Secure BGP (psBGP)

Abstract

It is well known that the Border Gateway Protocol (BGP), the IETF standard inter-domain routing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large scale service disruption. In this paper, we present Pretty Secure BGP (psBGP) – a proposal for securing BGP, including an architectural overview, design details for significant aspects, and preliminary security and operational analysis. psBGP differs from other security proposals (e.g., S-BGP and soBGP) in that it makes use of a single-level PKI for AS number authentication, a decentralized trust model for verifying the propriety of IP prefix origin, and a rating-based stepwise approach for AS PATH (integrity) verification. psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operation, e.g., using a PKI with a simple structure, with a small number of certificate types, and of manageable size. psBGP is designed to successfully defend against various (non-malicious and malicious) threats from uncoordinated BGP speakers, and can be incrementally deployed with some incremental benefits. Categories and Subject Descriptors: C.2.6 [Computer-Communication Networks]: Internetworking—Security General Terms: Inter-domain Routing, Security Additional Key Words and Phrases: BGP, Trust, Routing Security, Secure Routing Protocols