Computer Science and Information Systems 2015 Volume 12, Issue 4, Pages: 1327-1344
https://doi.org/10.2298/CSIS140910057K
Full text ( 458 KB)
Achieving inter-domain routing security based on distributed translator trust model
Kong Lingjing (Southwest Jiaotong University, School of Information Science and Technology, China)
Shen Hong (Sun Yat-sen University, School of Information Science and Technology, China + University of Adelaide, School of Computer Science Australia)
To resolve the difficulties in deployment of the classic security solution
S-BGP (Secure Border Gateway Protocol), the Translator Trust Model (TTM) for
a new solution SE-BGP (Security Enhanced BGP) was proposed to transform the
centralized deployment mode of S-BGP to distributed mode. However, the trust
(attestations of routing information) translation of TTM only depends on a
single hub node and this results in severe threats for the inter-domain
routing system. To overcome the deficiencies of TTM, in this paper we improve
TTM to Distributed TTM (DTTM) by expanding the single hub node to a set of
selected multiple hub nodes; in our DTTM, the task of attestations is
distributed over multiple hub nodes instead of on a single hub node. In order
to make the hub nodes respond to the case of single node failures, we design
a restoration mechanism to recover the network based on the neighbour-ring
structure. Besides, we develop Cooperative Secure BGP (CSBGP) to realize DTTM
in BGP. In comparison with SE-BGP, our experimental results show that CS-BGP
achieves an improved scalability, reduced convergence time and enhanced
security.
Keywords: BGP security, TTM, DTTM, restoration mechanism, CS-BGP