1

SECURING BGP – A LITERATURE SURVEY Presented by:

Tony Reveldez

GEOFF HUSTON

B.Sc., M.Sc.Australian National

University

MATTIA ROSSI

B.Eng.,M.Sc.Leopold-

Franzens-Universitaet

GEOFF ARMITAGE B.Sc., PhD.Swinburne

University of Technology

2

Border Gateway Protocol

What is it? iBGP vs eBGP TCP/IP Distant Vector Routing

Path Vector Routing

Route Selection Process Messages

AS Path

3

BGP Threat Model

Securing the BGP Session Injection, eavesdropping, delay messages, replay

Verifying BGP Identity Are you really who you claim to be?

Verifying BGP Information Is your information complete?

Verifying Forwarding Paths Is my information accurate?

4

Consequences of Attacks on the Routing System

Denial of Service

the potential to masquerade Address Stealing

The ability to eavesdrop

www.fireblog.com

5

Securing BGP

The Security Toolset Security Requirements

Securing the data payload and semanticsPiecemeal incremental deployment

Approaches to Securing BGPsBGP, soBGP, psBGP, pgBGP, IRV

6

Approaches to Securing BGP

Securing the operation of BGPTCP sessionGTSMTCP MD5IPSEC

Security in the Data Level

7

Securing the Integrity of BGP Data

sBGP soBGP

psBGP

IRV pgBGP

8

State of BGP Security

As the table shows, of all proposals, only a few have been implemented and mostly not deployed