Aggregated Path Authentication for Efficient BGP Security

Authors

Meiyuan Zhao, Dartmouth College
Sean W. Smith, Dartmouth College
David M. Nicol, University of Illinois at Urbana-Champaign

Document Type

Technical Report

Publication Date

5-1-2005

Technical Report Number

TR2005-541

Abstract

The border gateway protocol (BGP) controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP's real-world deployment. Previous work has explored improving S-BGP processing latencies, but space problems, such as increased message size and memory cost, remain the major obstacles. In this paper, we combine two efficient cryptographic techniques---signature amortization and aggregate signatures---to design new aggregated path authentication schemes. We propose six constructions for aggregated path authentication that substantially improve efficiency of S-BGP's path authentication on both speed and space criteria. Our performance evaluation shows that the new schemes achieve such an efficiency that they may overcome the space obstacles and provide a real-world practical solution for BGP security.

Dartmouth Digital Commons Citation

Zhao, Meiyuan; Smith, Sean W.; and Nicol, David M., "Aggregated Path Authentication for Efficient BGP Security" (2005). Computer Science Technical Report TR2005-541. https://digitalcommons.dartmouth.edu/cs_tr/264