An SDN-based approach to enhance BGP security
Regivaldo Costa, Fernando M. V. Ramos
TL;DR
This paper proposes BGPSecX, an SDN-based architecture to enhance BGP security at IXPs by reducing computational load, avoiding BGP modifications, and encouraging collaboration and incentives for deployment.
Contribution
It introduces a novel SDN approach for BGP security that is computationally efficient, BGP-compatible, and promotes inter-IXP collaboration to incentivize adoption.
Findings
Reduces computational burden on routers
Enables BGP security without protocol modifications
Facilitates inter-IXP collaboration for security deployment
Abstract
BGP is vulnerable to a series of attacks. Many solutions have been proposed in the past two decades, but the most effective remain largely undeployed. This is due to three fundamental reasons: the solutions are too computationally expensive for current routers, they require changes to BGP, and/or they do not give the right incentives to promote deployment. In this abstract we propose a Software-Defined Networking (SDN) architecture to secure BGP routing. Our solution, BGPSecX, targets an IXP and it includes techniques to allow different IXPs to collaborate. With SDN we remove the computational burden from routers and do not make changes to BGP. Targeting IXPs and promoting inter-IXP collaboration enables the creation of incentives to foster adoption of BGP security services.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSoftware-Defined Networks and 5G · Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting