A New Security Mechanism for BGP Path Verification
As the Internet's de-facto inter-domain routing protocol, the Border Gateway Protocol (BGP) possesses many security vulnerabilities. Although many security solutions have been proposed, none has been widely accepted because of heavy Public Key Infrastructure (PKI) management and too many signing and verifying operations. This paper proposes a new security mechanism called Two-Hop Signature Path Verification (THSPV) to provide BGP path verification with lower performance overhead. Security and performance analysis show that the new scheme can not only provide strong security, but also decrease the number of signatures and memory cost for certificates with simpler PKI management and provide a real-world practical solution for BGP path verification.