BGP Routing Security

Please Note: This is NOT my personal research page, it is mean to be a general resource page on interdomain routing security. If you would like to suggest additional resources for this page, please email the address found on my main page .

I am no longer actively researching this topic. As a result, this page may be missing recent research performed after 2006.

I maintain a separate page with my publications on incremental security for interdomain routing .

Current Events in BGP Security

Secure Routing Standards and Tools : 

• IETF Secure Interdomain Routing (SIDR) Working Group
• PPML thread on ARIN added authenticated originations to WHOIS template (Oct. 2006)
• Geoff Huston's talk on resource certificate trial usage. (Nov. 2006)
• Project page for APNIC's coding effort to support ``Resource Certificates''.
• IETF Routing Protocol Security (RPSEC) email archives

Routing Security Papers & Presentations

BGP Attacks / Misconfigs : 

• Beware BGP Attacks (good overview) link 
• BGP Security Vulnerability Analysis (often cited RFC): link
• A Survey of BGP Security (S-BGP, SO-BGP, IRV)  link 
• Security Issues in BGP (S-BGP, SO-BGP, psBGP) link 
• Understanding BGP Misconfiguration: link
• An Analysis of BGP Multiple Origin AS (MOAS) Conflicts : link
• Analysis of BGP Prefix Origins During Google's May 2005 Outage: link

S-BGP:

• The Secure Border Gateway Protocol (S-BGP): link 
• S-BGP Project Page (docs, presentations, even code...): link
• High Level S-BGP description from Steve Kent: link 
• S-BGP Real World Performance and Deployment Issues (2000), also a good overview of s-bgp: link 
• Securing the Border Gateway Protocol: A status update : (2003) link 

SO-BGP:

• Short High Level SO-BGP description from Russ White: link
• Detailed RFC on SO-BGP.  A bit hard to digest: link 

Other Secure Routing Proposals:

• Working Around BGP: An Incremental.... (presents IRV) : link  
• Pretty Secure BGP (psBGP) : link
• Hi-BGP: A Lightweight Hijack-proof Inter-domain Routing Protocol : link

Efficient Cryptography for BGP Security

• SPV: Secure Path Vector Routing for Securing BGP: link 
• Evaluating the Performance Impact of PKI on BGP Security : link 
• Optimizing BGP Security by Exploiting Path Stability : link 
• Measures of Self-Similarity of BGP Updates and Implications for Securing BGP: link

BGP Security Conflict Detection :

• Listen & Whisper: Security Mechanisms for BGP: link 
• Detection of Invalid Routing Announcements in the Internet: (MOAS) link 

BGP Security Anomaly Detection :

• Pretty Good BGP (PGBGP): Improving BGP by Cautiously Adopting Routes: link 
• PHAS: A Prefix Hijack Alert System: link 
• Topology-based Detection of Anomalous BGP messages: link 
• Protecting BGP Routes to Top Level DNS Servers: link 

Prefix Filtering for Security

• BGP Prefix Filtering (presentation at Cisco ISP Security Boot Camp) : link
• Cisco IOS Essentials (see page 60 and beyond for security info): link
• BGP Filtering - Myths, Legends and Reality: Peer Filtering in the Modern Backbone : link 
• Simple filtering advise from Renesys (plus a sales pitch!): link

Routing Registries and Security

• A Blueprint for Improving the Robustness of Internet Routing: link 
• Internet Hardening via Routing Registries: link 
• IDR Security and IRR's: link 
• Analyzing BGP Policies (background on registries, tool to fix them) : link  

Data plane Probing and Routing Security 

• Stealth Probing:  Efficient Data Plane Security for IP Routing : link
  
• Accurate Real-time Identification of IP Hijacking : link
• Global Internet Routing Forensics: Validation of BGP Paths using ICMP Traceback : link

Historic Proposals to Secure BGP 

• Securing the Border Gateway Routing Protocol (Smith, et al. 1996): link 
• DNS-based NLRI origin AS verification in BGP. Internet Draft. (draft-bates-bgp4-nlri-orig-verif-00.txt), January 1998: link .
• A Route Filtering Model for Improving Global Internet Routing Robustness (1998): link (ppt) .

Misc Routing Security Resources:

• BGP-4 RFC : link 
• Radia Perlman's Thesis: Network Layer Protocols with Byzantine Robustness (classic): link
• Interesting Nanog talk on s-bgp vs. so-bgp:  link   
• Position Paper: Operational Requirements for Secured BGP: link 
• Modeling Adoptability of Secure BGP Protocols : link 
• Origin Authentication in Interdomain Routing : link 
• Cool (but long) NANOG thread about deployability of s-BGP & so-BGP: link 
• Use of WHOIS registries to claim abandoned IP space or ASNs : link 
• IETF draft on BGP security requirements: link 
• Resilient Overlay Networks (RON).  An overlay approach to robust routing: link
• Detecting BGP Configuration Faults with Static Analysis : link 
• Inferring business relationships from BGP updates link 
• HLP: A Next-Generation Internet Routing Protocol : link 
• WIRED 2006 Statements on BGP Security: bellovin karlin mahajan wendlandt
  

Other Resources: 

• Nanog Archives:  Network operator email discussion list
• BGP4.as : A MASSIVE collection of BGP security papers and talks, many from NANOG.