Credible BGP – Extensions to BGP for Secure Networking

Border Gateway Protocol (BGP) is the de-facto routing protocol in the Internet. Unfortunately, it is not a secure protocol, and as a result, several attacks have been successfully mounted against the Internet infrastructure. Among the security requirements of BGP is the ability to validate the actual source and path of the BGP update message. This is needed to help reduce the threat of prefix hijacking and IP spoofing based attacks. BGP route associates an address prefix with a set of autonomous systems (AS) that identify the inter-domain path that the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH attribute in BGP and starts with the AS that originated the prefix. Credible BGP (CBGP) proposes several extensions to BGP protocol to validate source and path of BGP update message and to use the resulting validation score to influence the route selection algorithm. CBGP assigns credibility scores for AS prefix origination and AS_PATH. These credibility scores are used in the extended selection algorithm to prefer valid BGP routes. The new protocol can detect BGP attacks such as AS Path Injection and AS Prefix high jacking.