Relieve internet routing security of public key infrastructure / Mancini, Luigi Vincenzo; Spognardi, Angelo; Claudio, Soriente; Villani, Antonio; Vitali, Domenico. - PRINT. - (2012), pp. 1-9. (Paper presented at the 21st IEEE International Conference on Computer Communications and Networks, held in Munich, Germany, in July 2012) [10.1109/ICCCN.2012.6289235].

Relieve internet routing security of public key infrastructure

MANCINI, Luigi Vincenzo;SPOGNARDI, Angelo;VILLANI, Antonio;VITALI, Domenico
2012

Abstract

Lack of security mechanisms exposes the Border Gateway Protocol (BGP) to a wide range of threats that constantly undermine the security of the Internet. The most prominent attacks include prefix hijacking and the announcement of false routes to maliciously attract or divert traffic. A number of cryptographic solutions to prevent both attacks have been proposed but have not been adopted due to involved operations and considerable overhead. Most of them rely on digital signatures to authorize Autonomous Systems to propagate route announcements. Surprisingly, the scientific community has devoted little interest to the problem of revocation in BGP. In particular, BGP systems based on Public Key Infrastructure allow an Autonomous System to be revoked by revoking its public key certificate. However, there seems to be no solution for selective revocation of AS-path announcements. This paper introduces reBGP, an enhanced version of BGP that leverages Identity Based Cryptography to secure BGP with minimal overhead. reBGP prevents prefix hijacking and false route announcement through Aggregate Identity Based Signatures and provides an effective revocation means to invalidate AS-path announcements. reBGP enjoys a constant overhead to verify authenticity of routes and does not require a Public Key Infrastructure. Extensive testing of our implementation shows that our proposal represents a practical solution to secure BG
2012
21st IEEE International Conference on Computer Communications and Networks
Internet, Internet protocols, Network security, Public key cryptography, Autonomous systems, Border gateway protocol, Identity based cryptography, Identity based signature, Prefix hijacking, Public key certificates
04 Publication in conference proceedings::04b Conference paper in volume

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/762801
Citations
  • Scopus 4