Analysis of impact of trust on Secure Border Gateway Protocol

Israr, Junaid; Guennoun, Mouhcine; Mouftah, Hussein T.

doi:10.1109/iscc.2011.5983852

Cited by 5 publications

(7 citation statements)

References 7 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The computation requirements of the protocol dramatically slow down the network convergence. In [1] the authors proposed Credible BGP (C-BGP), a lightweight protocol that we proved can be a good alternative to secure BGP. The main design goal of C-BGP is to reduce the burden of validating the AS-PATH and the address prefix origination.…”

Section: Credible Border Gateway Protocol (C-bgp)mentioning

confidence: 99%

“…As discussed in [1], there are significant savings in terms of number of signature verifications as they are reduced significantly when a limited number of trusted ASes are present in the network.…”

Section: Credible Border Gateway Protocol (C-bgp)mentioning

confidence: 99%

“…This UPDATE message must not have any trusted AS in the AS-PATH, else the UPDATE message would be dropped by the trusted AS in the AS-PATH. This quantity, , is similar to the average number of keys calculated in [1]. It can be written as:…”

Section: A Analytical Modelmentioning

confidence: 99%

“…However, it presents significant challenges in terms of number of signature verifications and deployment considerations. In [1] we proposed a new approach, called Credible BGP (C-BGP), which attempts to address some of the concerns associated with S-BGP and demonstrated significant improvements in the number of overall signature processing requirements. In this paper we present security analysis of C-BGP.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Security analysis of C-BGP: A light alternative to S-BGP

Israr

Gahi

Guennoun

et al. 2016

2016 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE)

Self Cite

View full text Add to dashboard Cite

Credible BGP (C-BGP) is a lightweight alternative to secure BGP. Its main design objective is to address signature verification costs and deployment challenges associated with S-BGP. To this end, C-BGP defines a control layer of trusted ASes that is comprised of major Autonomous Systems (ASes) in the network. In this environment a non-trusted AS has to verify only the signatures of intermediate ASes between itself and the last trusted AS in the AS-PATH. Similarly, the address prefix is validated only if it was not previously validated by a trusted AS. This scheme works very well as long as the trusted ASes are indeed always trustworthy. In this paper we aim to study security impact of malicious trusted AS(es) in the network. We develop original and detailed analytical and simulation models to study the security of C-BGP and demonstrate that it promises very significant savings in terms of computational overhead and acceptable security performance in the presence of malicious ASes in the network.

show abstract

Section: Credible Border Gateway Protocol (C-bgp)mentioning

confidence: 99%

Section: Credible Border Gateway Protocol (C-bgp)mentioning

confidence: 99%

Section: A Analytical Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Security analysis of C-BGP: A light alternative to S-BGP

Israr

Gahi

Guennoun

et al. 2016

2016 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…As well as they use both algorithm for key distribution central key distribution and distributed key distribution. The paper "Analysis of Impact of Trust on Secure Borde Gateway Protocol" [8] shows that only 20% of trusted nodes in the network can reduce the number of AS-path verifications by almost 50%. Similarly, the average number of IP prefix validations is reduced by 80% when 20% of the ASes are trusted.…”

Section: Problem Identificationmentioning

confidence: 99%

A Novel Approach for Secure Routing Through BGP Using Symmetric Key

Raimagia¹,

Singh²,

Zafar³

2013

IJNSA

View full text Add to dashboard Cite

show abstract

3S: three-signature path authentication for BGP security

Liu

Deng

Liu

et al. 2015

Security Comm. Networks

View full text Add to dashboard Cite

Because of the lack of mechanism to verify a route's path authorization, border gateway protocol (BGP) has been disrupted by route hijacking for decades. Although several secure inter‐domain protocols have been proposed during the past years, such as secure BGP (S‐BGP) and BGPsec, they all have serious performance issues in both time and space cost, preventing their further deployment in the practical Internet. Statistical results from the real Internet reveal that multiple Internet protocol prefixes could often been announced along with the same AS path/sub‐path to its downstream autonomous systems; hence, the route announcements can be aggregated at the level of prefix. In light of this, we propose a three‐signature path authentication (3S) scheme to improve the performance of path authentication. We first introduce the concept of “virtual AS,” to reflect a cluster of prefixes that are announced along a common path/sub‐path. Then we aggregate those prefixes into an atom and only need to sign the first route announcement of a virtual AS instead of single prefixes; thus, it can reduce the number of cryptographic operations significantly. We evaluate the performance of 3S scheme in both theoretical and experimental ways; the results have shown that our proposed scheme is more efficient yet without losing security capabilities as existing methods such as S‐BGP and BGPsec. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Analysis of impact of trust on Secure Border Gateway Protocol

Cited by 5 publications

References 7 publications

Security analysis of C-BGP: A light alternative to S-BGP

Security analysis of C-BGP: A light alternative to S-BGP

A Novel Approach for Secure Routing Through BGP Using Symmetric Key

3S: three-signature path authentication for BGP security

Contact Info

Product

Resources

About