BGP security in partial deployment: Is the juice worth the squeeze?

Robert Lychev, Sharon Goldberg, Michael Schapira

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

35 Scopus citations

Abstract

As the rollout of secure route origin authentication with the RPKI slowly gains traction among network operators, there is a push to standardize secure path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin authentication already does much to improve routing security. Moreover, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in "partial deployment" alongside BGP for a long time. We therefore use theoretical and experimental approach to study the security benefits provided by partially-deployed S*BGP, vis-a-vis those already provided by origin authentication. Because routing policies have a profound impact on routing security, we use a survey of 100 network operators to find the policies that are likely to be most popular during partial S*BGP deployment. We find that S*BGP provides only meagre benefits over origin authentication when these popular policies are used. We also study the security benefits of other routing policies, provide prescriptive guidelines for partially-deployed S*BGP, and show how interactions between S*BGP and BGP can introduce new vulnerabilities into the routing system.

Original languageAmerican English
Title of host publicationProceedings of the SIGCOMM 2013 and Best Papers of the Co-Located Workshops
Pages171-182
Number of pages12
Edition4
DOIs
StatePublished - 2013
EventAnnual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication, ACM SIGCOMM 2013 - Hong Kong, China
Duration: 12 Aug 201316 Aug 2013

Publication series

NameComputer Communication Review
Number4
Volume43
ISSN (Print)0146-4833
ISSN (Electronic)1943-5819

Conference

ConferenceAnnual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication, ACM SIGCOMM 2013
Country/TerritoryChina
CityHong Kong
Period12/08/1316/08/13

Keywords

  • bgp
  • partial deployment
  • routing
  • security

Fingerprint

Dive into the research topics of 'BGP security in partial deployment: Is the juice worth the squeeze?'. Together they form a unique fingerprint.

Cite this