3S: three‐signature path authentication for BGP security. Issue 17 (18th February 2015)
- Record Type:
- Journal Article
- Title:
- 3S: three‐signature path authentication for BGP security. Issue 17 (18th February 2015)
- Main Title:
- 3S: three‐signature path authentication for BGP security
- Authors:
- Liu, Yaping
Deng, Wenping
Liu, Zhihong
Huang, Feng
- Abstract:
- Because of the lack of mechanism to verify a route's path authorization, border gateway protocol (BGP) has been disrupted by route hijacking for decades. Although several secure inter‐domain protocols have been proposed during the past years, such as secure BGP (S‐BGP) and BGPsec, they all have serious performance issues in both time and space cost, preventing their further deployment in the practical Internet. Statistical results from the real Internet reveal that multiple Internet protocol prefixes could often be announced along with the same AS path/sub‐path to its downstream autonomous systems; hence, the route announcements can be aggregated at the level of prefix. In light of this, we propose a three‐signature path authentication (3S) scheme to improve the performance of path authentication. We first introduce the concept of "virtual AS," to reflect a cluster of prefixes that are announced along a common path/sub‐path. Then we aggregate those prefixes into an atom and only need to sign the first route announcement of a virtual AS instead of single prefixes; thus, it can reduce the number of cryptographic operations significantly. We evaluate the performance of 3S scheme in both theoretical and experimental ways; the results have shown that our proposed scheme is more efficient yet without losing security capabilities as existing methods such as S‐BGP and BGPsec. Copyright © 2015 John Wiley & Sons, Ltd.
- Is Part Of:
- Security and communication networks. Volume 8:Issue 17(2015)
- Journal:
- Security and communication networks
- Issue:
- Volume 8:Issue 17(2015)
- Issue Display:
- Volume 8, Issue 17 (2015)
- Year:
- 2015
- Volume:
- 8
- Issue:
- 17
- Issue Sort Value:
- 2015-0008-0017-0000
- Page Start:
- 3002
- Page End:
- 3014
- Publication Date:
- 2015-02-18
- Subjects:
- Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.1227
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 3373.xml