Credible-BGP: A Hybrid Cryptosystem to Secure BGP

BGP is built under the assumption that Autonomous Systems (ASes) are trusted and operate according to the standard. This was quickly revealed to be untrue in the current model of the Internet. Many subsequent protocols were proposed to address the security issues of the BGP protocol. Among them, SBGP offer secure and guaranteed means to distribute route reachability information. However, the assumption under which the protocol is built resulted in a significant computational overhead due to extensive use of cryptographic operations. Indeed, upon the reception of an update, a node has to verify the embedded signature of each node in the AS-PATH in an onion fashion. In this paper, we present a novel approach that reduces the cost of construction and verifications of BGP updates. We make the assumption that some ASes (Like Tier-1 ISPs) can be considered to be trusted by the rest of the ASes. We build a new protocol that employs symmetric and asymmetric cryptosystems to build a secure and efficient mechanism to distribute route information. Based on simulation studies, we noticed considerable reduction of the cost of update construction and verification despite a slight increase of the messages exchanged to reach the steady state.