Design and analysis of optimization algorithms to minimize cryptographic processing in BGP security protocols

The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers. This study proposes and evaluates the perfo...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Computer communications Ročník 106; s. 75 - 85
Hlavní autoři: Sriram, Vinay K., Montgomery, Doug
Médium: Journal Article
Jazyk:angličtina
Vydáno: England Elsevier B.V 01.07.2017
Témata:
BGPSEC
Border Gateway Protocol security
Performance optimization
Route processor efficiency
Routing security
Performance optimization
Border Gateway Protocol security
BGPSEC
Routing security
Route processor efficiency
route processor efficiency
performance optimization
ISSN:0140-3664, 1873-703X
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The Internet is subject to attacks due to vulnerabilities in its routing protocols. One proposed approach to attain greater security is to cryptographically protect network reachability announcements exchanged between Border Gateway Protocol (BGP) routers. This study proposes and evaluates the performance and efficiency of various optimization algorithms for validation of digitally signed BGP updates. In particular, this investigation focuses on the BGPSEC (BGP with SECurity extensions) protocol, currently under consideration for standardization in the Internet Engineering Task Force. We analyze three basic BGPSEC update processing algorithms: Unoptimized, Cache Common Segments (CCS) optimization, and Best Path Only (BPO) optimization. We further propose and study cache management schemes to be used in conjunction with the CCS and BPO algorithms. The performance metrics used in the analyses are: (1) routing table convergence time after BGPSEC peering reset or router reboot events and (2) peak-second signature verification workload. Both analytical modeling and detailed trace-driven simulation were performed. Results show that the BPO algorithm is 330% to 628% faster than the unoptimized algorithm for routing table convergence in a typical Internet core-facing provider edge router.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
Principal corresponding author
ISSN:0140-3664
1873-703X
DOI:10.1016/j.comcom.2017.03.007