|
|
|
| A Lightweight Mechanism for Border Gateway Protocol Path Verification |
| Zhao Chen①③ Sun Bin①② Yang Yi-xian①③ Yang Yan② |
①(Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China)
②(State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China)
③(National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China) |
|
|
|
|
Abstract Since BGP (Border Gateway Protocol) possesses many security vulnerabilities, BGP Autonomous System PATH information (AS_PATH attribute) is vulnerable to various attacks. In proposed BGP path verification mechanisms at present, the high computational overhead and complex process severely block security solutions from being implemented and deployed in real world. A lightweight method is designed for BGP path verification named First-Two-AS based Path Verification (FTAPV). Based on analysis of AS_PATH attribute, FTAPV can protect path information effectively through carrying signatures of first two ASes in the AS_PATH of UPDATEs. Security analysis and performance evaluation demonstrate this mechanism can reduce the route resource expense and the number of used certificates with strong ability of security and good scalability compared with existing method.
|
|
Received: 20 March 2012
|
|
|
|
Corresponding Authors:
Zhao Chen
E-mail: sdqdzhaochen@163.com
|
|
|
|
|
|
|
2012, Vol. 34 
