Jumpstarting BGP security with path-end validation

Avichai Cohen, Yossi Gilad, Amir Herzberg, Michael Schapira

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

42 Scopus citations

Abstract

Extensive standardization and R&D efforts are dedicated to establishing secure interdomain routing. These efforts focus on two mechanisms: origin authentication with RPKI, and path validation with BGPsec. However, while RPKI is finally gaining traction, the adoption of BGPsec seems not even on the horizon due to inherent, possibly insurmountable, obstacles, including the need to replace today's routing infrastructure and meagre benefits in partial deployment. Consequently, secure interdomain routing remains a distant dream. We propose an easily deployable, modest extension to RPKI, called "path-end validation", which does not entail replacing/upgrading today's BGP routers. We show, through rigorous security analyses and extensive simulations on empirically derived datasets, that path-end validation yields significant benefits even in very limited partial adoption. We present an open-source, readily deployable prototype implementation of path-end validation.

Original languageAmerican English
Title of host publicationSIGCOMM 2016 - Proceedings of the 2016 ACM Conference on Special Interest Group on Data Communication
PublisherAssociation for Computing Machinery, Inc
Pages342-355
Number of pages14
ISBN (Electronic)9781450341936
DOIs
StatePublished - 22 Aug 2016
Event2016 ACM Conference on Special Interest Group on Data Communication, SIGCOMM 2016 - Florianopolis, Brazil
Duration: 22 Aug 201626 Aug 2016

Publication series

NameSIGCOMM 2016 - Proceedings of the 2016 ACM Conference on Special Interest Group on Data Communication

Conference

Conference2016 ACM Conference on Special Interest Group on Data Communication, SIGCOMM 2016
Country/TerritoryBrazil
CityFlorianopolis
Period22/08/1626/08/16

Bibliographical note

Publisher Copyright:
© 2016 ACM.

Keywords

  • BGP security
  • RPKI
  • Routing security

Fingerprint

Dive into the research topics of 'Jumpstarting BGP security with path-end validation'. Together they form a unique fingerprint.

Cite this