Abstract
Extensive standardization and R&D efforts are dedicated to establishing secure interdomain routing. These efforts focus on two complementary mechanisms: origin authentication with RPKI, and path validation with BGPsec. However, while RPKI is finally gaining traction, the adoption of BGPsec seems not even on the horizon. This is due to inherent, possibly insurmountable, obstacles, including the need to replace today's routing infrastructure, meagre benefits in partial deployment and online cryptography. We propose path-end validation, a much easier to deploy alternative to BGPsec. Path-end validation is a modest extension to RPKI that does not require modifications to BGP message format nor online cryptography. Yet we show, through extensive simulations on empirically-derived datasets, that path-end validation yields significant security benefits, even with very limited partial deployment. We present an opensource prototype implementation of path-end validation, which does not require changing today's routers, illustrating the deployability advantage over BGPsec.
Original language | English |
---|---|
Title of host publication | Proceedings of the 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015 |
Publisher | Association for Computing Machinery, Inc |
ISBN (Electronic) | 9781450340472 |
DOIs | |
State | Published - 16 Nov 2015 |
Event | 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015 - Philadelphia, United States Duration: 16 Nov 2015 → 17 Nov 2015 |
Publication series
Name | Proceedings of the 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015 |
---|
Conference
Conference | 14th ACM Workshop on Hot Topics in Networks, HotNets-XIV 2015 |
---|---|
Country/Territory | United States |
City | Philadelphia |
Period | 16/11/15 → 17/11/15 |
Bibliographical note
Publisher Copyright:Copyright 2015 ACM.