Secure Border Gateway Protocol: Implementing A Scalable Solution to Protect Business
The Border Gateway Protocol (BGP), which distributes routing information between autonomous systems (ASes), is integral to the Internet's routing framework. Because BGP has no built-in means of validating the authenticity and credibility of the routing information it carries, it exposes businesses to malicious attacks such as prefix hijacking and route manipulation. This proposal outlines a secure, scalable, deployable design (S-BGP) for an authorization system that addresses the security problems inherent in BGP. The proposal analyzes the vulnerabilities, defines S-BGP countermeasures such as attestation and route validation, and describes how they address these vulnerabilities to improve security for businesses. Furthermore, it compares this framework with other previously proposed approaches and examines the performance implications of the proposed countermeasures.
Table of Contents
Issues and Concepts
Theoretical Application
Appendix 1
Appendix 2
Appendix 3
Appendix 4
The Internet, on which the technical architecture of business organizations depends, is an expansive interconnected network through which autonomous systems reach information held across the network. The Border Gateway Protocol (BGP), which routes data between these autonomous systems, has repeatedly exposed companies across the world to attack, because BGP has no effective means of validating the authenticity of BGP control traffic (Nicholes & Mukherjee, 2009): a router will accept a route advertisement that has been forged, altered in transit, or originated by an AS that has no right to announce the prefix, so traffic can be misdirected, intercepted, or black-holed. For this reason there is good cause to analyze the BGP vulnerability as it relates to effective business practices. This proposal uses existing research to describe the cyber security issue, explain how the Border Gateway Protocol works, and discuss current vulnerabilities and threats, in order to evaluate two existing solutions to the problem. The findings of this analysis and the proposed countermeasures are summarized in the conclusion of this proposal.
Internet routing is based on a distributed system of many routers, organized into administrative domains known as Autonomous Systems (ASes) ("Border Gateway Protocol," 2014). Routing information is exchanged between ASes using BGP.
Take the current version, BGP-4, as the specific example. Two neighbouring routers establish a TCP session (port 179) and exchange four kinds of messages over it: OPEN, UPDATE, KEEPALIVE and NOTIFICATION. None of these messages carries any cryptographic protection of its own; the receiving router simply trusts that its peer is who it claims to be and that the routes the peer advertises are genuine. That absence of origin and path validation is the gap that S-BGP's attestations and route validation are designed to close.
When routing data between ASes, routers running BGP exchange route information in UPDATE messages. Although the contents of each UPDATE differ, every UPDATE has the same three parts. The first is a list of withdrawn routes: address prefixes for destinations that are no longer reachable. The second is the set of reachable prefixes, the Network Layer Reachability Information (NLRI). The third is a set of path attributes, which carry the accumulated inter-AS path and the next hop that can be used to reach those prefixes (Wang, 2002).
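The three parts described above, decoded from the wire format of RFC 4271, as an added example that is not part of the original proposal. On the wire an UPDATE carries the withdrawn routes first, then the path attributes, then the NLRI, each prefix encoded as a length in bits followed by only its significant octets. The code assumes IPv4 prefixes and 2-octet AS numbers (no AS4_PATH), the sample message is constructed rather than captured, and `origin_authorized` with its `AUTHORIZED` table is a hypothetical, unsigned stand-in for the kind of origin check that S-BGP's address attestation performs, not S-BGP's own mechanism.

```python
"""Parse a BGP-4 UPDATE (RFC 4271) into withdrawn routes, path attributes and
NLRI, then check the origin AS against a prefix authorization table."""
import ipaddress
import struct

BGP_MARKER = b"\xff" * 16            # 16-octet all-ones marker
UPDATE = 2                           # message type code
ORIGIN, AS_PATH, NEXT_HOP = 1, 2, 3  # path attribute type codes
ORIGIN_NAMES = {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}
AS_SET, AS_SEQUENCE = 1, 2           # AS_PATH segment types

def _read_prefixes(buf):
    """Decode <length in bits, significant prefix octets> tuples into CIDR strings."""
    prefixes, i = [], 0
    while i < len(buf):
        bits = buf[i]
        n = (bits + 7) // 8
        raw = buf[i + 1:i + 1 + n].ljust(4, b"\x00")
        prefixes.append(f"{ipaddress.IPv4Address(raw)}/{bits}")
        i += 1 + n
    return prefixes

def _read_attributes(buf):
    """Decode path attributes; unrecognised ones are kept raw under their type code."""
    attrs, i = {}, 0
    while i < len(buf):
        flags, code = buf[i], buf[i + 1]
        if flags & 0x10:             # Extended Length flag: 2-octet length field
            length, i = struct.unpack("!H", buf[i + 2:i + 4])[0], i + 4
        else:
            length, i = buf[i + 2], i + 3
        value, i = buf[i:i + length], i + length
        if code == ORIGIN:
            attrs["origin"] = ORIGIN_NAMES[value[0]]
        elif code == AS_PATH:        # segments of (type, count, 2-octet ASNs)
            segments, j = [], 0
            while j < len(value):
                seg_type, count = value[j], value[j + 1]
                asns = struct.unpack(f"!{count}H", value[j + 2:j + 2 + 2 * count])
                segments.append(("AS_SET" if seg_type == AS_SET else "AS_SEQUENCE", list(asns)))
                j += 2 + 2 * count
            attrs["as_path"] = segments
        elif code == NEXT_HOP:
            attrs["next_hop"] = str(ipaddress.IPv4Address(value))
        else:
            attrs[code] = value
    return attrs

def parse_update(msg):
    """Split one UPDATE into its three parts; reject malformed framing."""
    if len(msg) < 23 or msg[:16] != BGP_MARKER:
        raise ValueError("bad marker or truncated message")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != UPDATE or length != len(msg):
        raise ValueError("not a well-formed UPDATE")
    body = msg[19:]
    wlen = struct.unpack("!H", body[:2])[0]
    alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
    if 4 + wlen + alen > len(body):
        raise ValueError("length fields exceed message body")
    return {"withdrawn": _read_prefixes(body[2:2 + wlen]),
            "attributes": _read_attributes(body[4 + wlen:4 + wlen + alen]),
            "nlri": _read_prefixes(body[4 + wlen + alen:])}

def origin_as(update):
    """Origin AS = last ASN of the last AS_SEQUENCE segment; None if the path is empty."""
    for seg_type, asns in reversed(update["attributes"].get("as_path", [])):
        if seg_type == "AS_SEQUENCE" and asns:
            return asns[-1]
    return None

def origin_authorized(update, authorized):
    """Hypothetical, unsigned stand-in for S-BGP's address attestation check:
    is the origin AS allowed to announce every NLRI prefix in this UPDATE?"""
    asn = origin_as(update)
    return all(asn in authorized.get(p, set()) for p in update["nlri"])

# Constructed sample (not a capture): AS65001 withdraws 10.9.0.0/16 and announces
# 192.0.2.0/24, originated by AS65003, via path 65001 65002 65003, next hop 198.51.100.1.
def _prefix(cidr):
    net = ipaddress.IPv4Network(cidr)
    return bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]

def _attr(code, value, flags=0x40):  # 0x40 = Transitive (well-known mandatory)
    return bytes([flags, code, len(value)]) + value

_withdrawn = _prefix("10.9.0.0/16")
_attrs = (_attr(ORIGIN, b"\x00")
          + _attr(AS_PATH, bytes([AS_SEQUENCE, 3]) + struct.pack("!3H", 65001, 65002, 65003))
          + _attr(NEXT_HOP, ipaddress.IPv4Address("198.51.100.1").packed))
_nlri = _prefix("192.0.2.0/24")
_body = (struct.pack("!H", len(_withdrawn)) + _withdrawn
         + struct.pack("!H", len(_attrs)) + _attrs + _nlri)
SAMPLE_UPDATE = BGP_MARKER + struct.pack("!HB", 19 + len(_body), UPDATE) + _body

# Hypothetical authorization table: prefix -> set of ASNs permitted to originate it.
AUTHORIZED = {"192.0.2.0/24": {65003}}
```

Calling `parse_update(SAMPLE_UPDATE)` yields the withdrawn list `["10.9.0.0/16"]`, the NLRI `["192.0.2.0/24"]` and an AS_PATH of `[("AS_SEQUENCE", [65001, 65002, 65003])]`, from which `origin_as` reports 65003 and `origin_authorized` returns True; swap the table entry for a different ASN and the same message is rejected. Nothing in the message itself lets the parser tell the two cases apart, which is exactly why S-BGP has to add signed attestations on top of this format.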
The attribute used to identify the inter-AS path, known specifically as the AS_PATH attribute, establishes a chain of Autonomous Systems (ASes) along