The lecture will be held hybrid.
Venue for the face-to-face event is:
TU Darmstadt | Physik Hörsaal Uhrturm (S2|08) | Hochschulstraße 4 | 64289 Darmstadt

The event will be held online via MS Teams.

If you take part in a presentation, you will have the opportunity to meet and exchange with the key players in cybersecurity in person after the lecture.

Go to registration

Abstract

We present BGP-iSec, an enhancement of the BGPsec protocol for securing BGP, the Internet’s inter-domain routing protocol. BGP-iSec ensures additional and stronger security properties, compared to BGPsec, without significant extra overhead. The main improvements are: (i) Security for partial adoption: BGP-iSec provides significant security benefits for early adopters, in contrast to BGPsec, which requires universal adoption. (ii) Defense against route leakage: BGP-iSec defends against route leakage, a common cause of misrouting that is not prevented by BGPsec. (iii) Integrity of attributes: BGP-iSec ensures the integrity of integrity-protected attributes, thereby preventing announcement manipulation attacks not prevented by BGPsec. We argue that BGP-iSec achieves these goals using extensive simulations as well as security analysis. The BGP-iSec design conforms, where possible, with the BGPsec design, modifying it only where necessary to improve security or ease deployment. By providing stronger security guarantees, especially for partial adoption, we hope BGP-iSec will be a step towards finally protecting interdomain routing, which remains, for many years, a vulnerability of the Internet’s infrastructure.

Joint work with Cameron Morris, Bing Wang and Samuel Secondo