An efficient origin authentication protocol for securing BGP

The Border Gateway Protocol (BGP) is a de facto interdomain routing protocol in Internet. However, due to the lack of the mechanism within BGP to verify the authority of an AS to announce Network Layer Reachability Information (NLRI), a specific IP prefix may be announced by the illegitimate origin autonomous system (AS), leading to the widespread subversion of Internet connectivity. The current propositions either were difficult in operation, or lacked the sufficient security guarantee. In the paper, an Authentication-based Origin Verification Protocol (AOVP) is proposed, which adopts a simple centralized trust model for verifying the propriety of IP prefix origination. Compared with S-BGP and soBGP, AOVP verifies route withdrawal, supports route aggregation and incremental deployment, and needs the smallest memory. AOVP could be more easily implemented and deployed across Internet.