Abstract:
The Border Gateway Protocol is the inter-domain routing protocol for internet. Despite being a central part of the most critical network infrastructure i.e., the internet, it lacks in security features and is vulnerable to variety of attacks. BGP was originally designed with minimal security features to work in trusted networks. However, the evolution in threat environment for the internet presents the challenge to secure its backbone infrastructure, governed by BGP routing protocol. The configuration mistakes on routers also have serious and devastating effects on BGP routing.
Security provisioning for BGP has been researched extensively. This research work analyzes the threats posed to BGP routing protocol. A Threat Model for BGP is presented, inclusive of all important and latest threats on the protocol. The existing solutions to secure BGP including S-BGP, SoBGP, IRV, PsBGP, BGPSec are studied and evaluated based on security features. An Evaluation Model for BGP security architectures is established based on two approaches of evaluation, security evaluation and deployment evaluation. BGP security architectures and extensions are evaluated in thorough detail against the defined evaluation model for security features and performance attributes. A deployment strategy for BGP is also presented. The security of the proposed deployment strategy is based on BGPSec, while the deployment cost is greatly reduced; by off boarding computational and storage overhead from existing BGP border routers. The need for high performance specifications at existing border routers has remained the main challenge for successful deployment of BGP. The presented deployment strategy presents an efficient solution to this challenge and provides a practical deployment solution for BGP.
