One hop for RPKI, one giant leap for BGP security

Avichai Cohen, Yossi Gilad, Amir Herzberg, Michael Schapira

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

16 Scopus citations

Abstract

Extensive standardization and R&D efforts are dedicated to establishing secure interdomain routing. These efforts focus on two complementary mechanisms: origin authentication with RPKI, and path validation with BGPsec. However, while RPKI is finally gaining traction, the adoption of BGPsec seems not even on the horizon. This is due to inherent, possibly insurmountable, obstacles, including the need to replace today's routing infrastructure, meagre benefits in partial deployment and online cryptography. We propose path-end validation, a much easier to deploy alternative to BGPsec. Path-end validation is a modest extension to RPKI that does not require modifications to BGP message format nor online cryptography. Yet we show, through extensive simulations on empirically-derived datasets, that path-end validation yields significant security benefits, even with very limited partial deployment. We present an opensource prototype implementation of path-end validation, which does not require changing today's routers, illustrating the deployability advantage over BGPsec.

Original languageAmerican English
Title of host publicationProceedings of the 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450340472
DOIs
StatePublished - 16 Nov 2015
Event14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015 - Philadelphia, United States
Duration: 16 Nov 201517 Nov 2015

Publication series

NameProceedings of the 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015

Conference

Conference14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015
Country/TerritoryUnited States
CityPhiladelphia
Period16/11/1517/11/15

Bibliographical note

Publisher Copyright:
Copyright 2015 ACM.

Fingerprint

Dive into the research topics of 'One hop for RPKI, one giant leap for BGP security'. Together they form a unique fingerprint.

Cite this