Our Publications

by Yih-Chun Hu, Adrian Perrig, Marvin Sirbu
Abstract:
As our economy and critical infrastructure increasingly relies on the Internet, the insecurity of the underlying border gateway routing protocol (BGP) stands out as the Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment path to secure BGP. We analyze security requirements, and consider tradeoffs of mechanisms that achieve the requirements. In particular, we study how to secure BGP update messages against attacks. We design an efficient cryptographic mechanism that relies only on symmetric cryptographic primitives to guard an ASPATH from alteration, and propose the Secure Path Vector (SPV) protocol. In contrast to the previously proposed S-BGP protocol, SPV is around 22 times faster. With the current effort to secure BGP, we anticipate that SPV will contribute several alternative mechanisms to secure BGP, especially for the case of incremental deployments.
Reference:
SPV: Secure Path Vector Routing for Securing BGP  [bibtex]Yih-Chun Hu, Adrian Perrig, Marvin Sirbu. In Proceedings of ACM SIGCOMM 2004.
Bibtex Entry:
@InProceedings{HuPeSi2004,
  author = 		 {Yih-Chun Hu and Adrian Perrig and Marvin Sirbu},
  title = 		 {{SPV}: Secure Path Vector Routing for Securing {BGP}},
  url = {http://www.netsec.ethz.ch/publications/papers/spv.pdf},
  booktitle =	 {Proceedings of ACM SIGCOMM},
  year =		 2004,
  month =		 sep,
  abstract =	 {As our economy and critical infrastructure
                  increasingly relies on the Internet, the insecurity
                  of the underlying border gateway routing protocol
                  (BGP) stands out as the Achilles heel. Recent
                  misconfigurations and attacks have demonstrated the
                  brittleness of BGP. Securing BGP has become a
                  priority. In this paper, we focus on a viable
                  deployment path to secure BGP. We analyze security
                  requirements, and consider tradeoffs of mechanisms
                  that achieve the requirements. In particular, we
                  study how to secure BGP update messages against
                  attacks. We design an efficient cryptographic
                  mechanism that relies only on symmetric
                  cryptographic primitives to guard an ASPATH from
                  alteration, and propose the Secure Path Vector (SPV)
                  protocol. In contrast to the previously proposed
                  S-BGP protocol, SPV is around 22 times faster. With
                  the current effort to secure BGP, we anticipate that
                  SPV will contribute several alternative mechanisms
                  to secure BGP, especially for the case of
                  incremental deployments.}
}