BGP with BGPsec: Attacks and Countermeasures

Qi Li, Jiajia Liu, Yih Chun Hu, Mingwei Xu, Jianping Wu

Research output: Contribution to journalArticlepeer-review

14 Scopus citations

Abstract

The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Original languageEnglish
Article number8594708
Pages (from-to)194-200
Number of pages7
JournalIEEE Network
Volume33
Issue number4
DOIs
StatePublished - 1 Jul 2019
Externally publishedYes

Fingerprint

Dive into the research topics of 'BGP with BGPsec: Attacks and Countermeasures'. Together they form a unique fingerprint.

Cite this