{"id":13118,"date":"2021-12-06T18:41:48","date_gmt":"2021-12-06T23:41:48","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13118"},"modified":"2021-12-06T18:41:48","modified_gmt":"2021-12-06T23:41:48","slug":"tr-04-07-pretty-secure-bgp-psbgp","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/","title":{"rendered":"TR-04-07: Pretty Secure BGP (psBGP)"},"content":{"rendered":"<p>Carleton University<br \/>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/\">Technical Report<\/a> TR-04-07<br \/>\nSeptember 2004<\/p>\n<h2>Pretty Secure BGP (psBGP)<\/h2>\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">David Whyte, Evangelos Kranakis, P.C. Van Oorschot<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>The Border Gateway Protocol (BGP) is the de-facto standard inter-domain routing protocol on the Internet. However, it is well known that BGP is vulnerable to a variety of types of attacks, and that a single misconfigured or malicious BGP speaker could result in large scale service disruption. We first summarize a set of security goals for BGP, and then propose Pretty Secure BGP (psBGP) as a new security protocol achieving these goals. psBGP makes use of a centralized trust model for authenticating Autonomous System (AS) numbers, and a decentralized trust model for verifying the propriety of IP prefix origination. We compare psBGP with S-BGP and soBGP, the two leading security proposals for BGP. 
Our analysis suggests that psBGP provides a better balance between security and practicality than either S-BGP or soBGP: it significantly reduces the complexity of prefix ownership verification in S-BGP and soBGP, although in theory offering somewhat less security; and psBGP offers more security than soBGP in terms of AS number authentication and AS PATH verification, albeit requiring expensive digital signature operations. Our performance analysis using real world BGP data suggests that psBGP is practical with respect to the number of certificates to be stored and to be updated per AS. We also raise a number of issues of independent interest about the design of S-BGP and soBGP.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/TR-04-07.pdf\">TR-04-07.pdf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-04-07 September 2004 Pretty Secure BGP (psBGP) David Whyte, Evangelos Kranakis, P.C. Van Oorschot Abstract The Border Gateway Protocol (BGP) is the de-facto standard inter-domain routing protocol on the Internet. 
However, it is well known that BGP is vulnerable to a variety of types of attacks, and that a single misconfigured [&hellip;]<\/p>\n","protected":false},"author":49,"featured_media":0,"parent":12325,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TR-04-07: Pretty Secure BGP (psBGP) - School of Computer Science<\/title>\n<meta name=\"description\" content=\"Carleton University Technical Report TR-04-07 September 2004 Pretty Secure BGP (psBGP) David Whyte, Evangelos Kranakis, P.C. Van Oorschot Abstract The\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/\",\"url\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/\",\"name\":\"TR-04-07: Pretty Secure BGP (psBGP) - School of Computer Science\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#website\"},\"datePublished\":\"2021-12-06T23:41:48+00:00\",\"dateModified\":\"2021-12-06T23:41:48+00:00\",\"description\":\"Carleton University Technical Report TR-04-07 September 2004 Pretty Secure BGP (psBGP) David Whyte, Evangelos Kranakis, P.C. Van Oorschot Abstract The\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/scs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SCS Technical Reports\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Technical Reports 
2004\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"TR-04-07: Pretty Secure BGP (psBGP)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/scs\/#website\",\"url\":\"https:\/\/carleton.ca\/scs\/\",\"name\":\"School of Computer Science\",\"description\":\"Carleton University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/scs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TR-04-07: Pretty Secure BGP (psBGP) - School of Computer Science","description":"Carleton University Technical Report TR-04-07 September 2004 Pretty Secure BGP (psBGP) David Whyte, Evangelos Kranakis, P.C. Van Oorschot Abstract The","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/","url":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/","name":"TR-04-07: Pretty Secure BGP (psBGP) - School of Computer Science","isPartOf":{"@id":"https:\/\/carleton.ca\/scs\/#website"},"datePublished":"2021-12-06T23:41:48+00:00","dateModified":"2021-12-06T23:41:48+00:00","description":"Carleton University Technical Report TR-04-07 September 2004 Pretty Secure BGP (psBGP) David Whyte, Evangelos Kranakis, P.C. 
Van Oorschot Abstract The","breadcrumb":{"@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/tr-04-07-pretty-secure-bgp-psbgp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/scs\/"},{"@type":"ListItem","position":2,"name":"Research","item":"https:\/\/carleton.ca\/scs\/research\/"},{"@type":"ListItem","position":3,"name":"SCS Technical Reports","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/"},{"@type":"ListItem","position":4,"name":"Technical Reports 2004","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2004\/"},{"@type":"ListItem","position":5,"name":"TR-04-07: Pretty Secure BGP (psBGP)"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/scs\/#website","url":"https:\/\/carleton.ca\/scs\/","name":"School of Computer Science","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/scs\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"}]}},"acf":{"banner_image_type":"none","banner_button":"no"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13118"}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13118"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13118\/revisions"}],"predecessor-version":[{"id":13119,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13118\/revisions\/13119"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12325"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}