FRAMINGHAM (10/03/2003) - The two proposals for addressing Border Gateway Protocol's security shortcomings might have some of their own.
BBN Technologies LLC's Secure BGP (S-BGP) is intended to address a "fundamental problem" with BGP: the authenticity of routing update information, according to Steve Kent, BBN chief scientist for information security.
"What makes security for BGP tricky is that generally, this update information is transitive," he says. "One ISP is saying to another, 'I received this routing information from one of my neighbors with regard to this chunk of address space. If you want to send traffic for this chunk of address space to me, this is the path it would take.' Today, there's just no security for that. There's no way for the receiver to tell whether the update that's received is authentic."
S-BGP seeks to establish a public-key infrastructure that uses digital certificates to authenticate two pieces of data: which chunks of address space have been allocated to them and what autonomous system numbers have been allocated to them.
But S-BGP inhibits an ISP's ability to establish policy for its routers, says Cisco Systems Inc. Fellow Fred Baker, whose company, along with ISPs such as Genuity Inc., have written an alternative called Secure Origin BGP (soBGP).
"(With S-BGP, the) downstream service provider cannot apply a policy that says, 'I'm going to accept this prefix from you but not that one,'" Baker says. "It fundamentally breaks BGP's ability to be used in a policy system where you might redivide the information. S-BGP is the right concept, but it's put together in a way that an ISP can't really effectively use."
The soBGP proposal is an effort to let ISPs authenticate route advertisements and implement policy on them. But according to Kent, soBGP provides too many ways to do certain things, which when implemented differently, hamper interoperability.
The Internet Engineering Task Force is acting as mediator in the S-BGP/soBGP dispute. The routing protocol security working group within the IETF's Routing area is developing a so-called threat model that attempts to document the security requirements for Internet routing systems.
This work might provide the middle ground on which S-BGP and soBGP backers can come to a resolution, says Alex Zinin, director of the IETF's Routing and Sub-IP areas.
"This should help bring people on the same page as far as what we actually expect from routing protocols from a security perspective, as opposed to each protocol designer or each service provider making their own conclusions and assumptions," he says.