Enhancing the Trust of Internet Routing With Lightweight Route Attestation

Abstract

The weak trust model in Border Gateway Protocol (BGP) introduces severe vulnerabilities for Internet routing including active malicious attacks and unintended misconfigurations. Although various secure BGP solutions have been proposed, the complexity of security enforcement and data-plane attacks still remain open problems. We propose TBGP, a trusted BGP scheme aiming to achieve high authenticity of Internet routing with a simple and lightweight attestation mechanism. TBGP introduces a set of route update and withdrawal rules that, if correctly enforced by each router, can guarantee the authenticity and integrity of route information that is announced to other routers in the Internet. To verify this enforcement, an attestation service running on each router provides interfaces for a neighboring router to challenge the integrity of its routing stack, enforced rules, and the attestation service itself. If this attestation succeeds, the neighboring router updates its routing table or announces the route to its neighbors, following the same rules. Thus, a router on a routing path only needs to verify one neighbor's routing status to ensure that the route information is valid. Through this, TBGP builds a transitive trust relationship among all routers on a routing path. We implement a prototype of TBGP to investigate its practicality. In our implementation, we use identity-based signature and trusted computing techniques to further reduce the complexity of security operations. Our security analysis and performance study shows that TBGP can achieve the security goals of BGP with significantly better convergence performance and lower computation overhead than existing secure BGP solutions.