Skip to main content

Technical Reports: CMU-CyLab-05-001

Title:Modeling Adoptability of Secure BGP Protocols
Authors:Haowen Chan, Debabrata Dash, Adrian Perrig, Hui Zhang
Publication Date:November 30, 2005

Abstract

Despite the existence of many security schemes for BGP with varying properties, to date there has been little progress on actual BGP security adoption. Although feasibility for widespread adoption remains the greatest hurdle for BGP security, there has been little quantitative research into what exactly improves the adoptability of a security scheme. To the best of our knowledge, we provide the first model for characterizing the adoptability of a protocol. Furthermore, we present an approach for performing this evaluation by simulating incentives compatible adoption decisions of ISPs on the Internet under a variety of assumptions. Our extensive evaluation results include: (a) the existence of a sharp threshold, where, if the cost of adoption is below the threshold, complete adoption takes place, while almost no adoption takes place above the threshold; (b) under a strong attacker model, adding a single hop of path authentication to origin authentication yields similar adoptability characteristics as a full path security scheme; (c) under a weaker attacker model, adding full path authentication (e.g., via SBGP [10]) significantly improves the adoptability of BGP security over weaker path security schemes such as soBGP [18]. These results provide insight into the development of more adoptable secure BGP protocols and demonstrate the importance of studying adoptability of protocols.

Full Report: CMU-CyLab-05-001