BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2005-541
ENTRY:: May 23, 2005
ORGANIZATION:: Dartmouth College, Computer Science
TITLE:: Aggregated Path Authentication for Efficient BGP Security
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Zhao, Meiyuan
AUTHOR:: Smith, Sean W.
AUTHOR:: Nicol, David M.
DATE:: May 2005
RETRIEVAL:: For a paper copy, email
RETRIEVAL:: For a paper copy, write to
   Technical Report Librarian
   Department of Computer Science
   Dartmouth College
   6211 Sudikoff Laboratory
   Hanover, NH 03755-3510 USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2005-541.pdf
ABSTRACT:: The border gateway protocol (BGP) controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP's real-world deployment. Previous work has explored improving S-BGP processing latencies, but space problems, such as increased message size and memory cost, remain the major obstacles. In this paper, we combine two efficient cryptographic techniques---signature amortization and aggregate signatures---to design new aggregated path authentication schemes. We propose six constructions for aggregated path authentication that substantially improve efficiency of S-BGP's path authentication on both speed and space criteria. Our performance evaluation shows that the new schemes achieve such an efficiency that they may overcome the space obstacles and provide a real-world practical solution for BGP security.
END:: ncstrl.dartmouthcs//TR2005-541