%T Aggregated Path Authentication for Efficient BGP Security
%A Meiyuan Zhao
%A Sean W. Smith
%A David M. Nicol
%R Technical Report TR2005-541
%I Dartmouth College, Computer Science
%C Hanover, NH
%D May 2005
%U http://www.cs.dartmouth.edu/reports/TR2005-541.pdf
%X
 The border gateway protocol (BGP) controls inter-domain routing in the
 Internet. BGP is vulnerable to many attacks, since routers rely on
 hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to
 provide route authentication and mitigate many of these
 risks. However, many performance and deployment issues prevent S-BGP's
 real-world deployment. Previous work has explored improving S-BGP
 processing latencies, but space problems, such as increased message
 size and memory cost, remain the major obstacles. In this paper, we
 combine two efficient cryptographic techniques---signature
 amortization and aggregate signatures---to  design new aggregated path
 authentication schemes. We propose six constructions for aggregated
 path authentication that substantially improve efficiency of S-BGP's
 path authentication on both speed and space criteria. Our performance
 evaluation shows that the new schemes achieve such an efficiency that
 they may overcome the space obstacles and provide a real-world
 practical solution for BGP security.