BGP-DNSSEC Integration for Securing BGP-Edición Única
Export citation
Abstract
The internet is the largest distributed system ever built. The internet is organized in a multitude of administratively independent networks called Autonomous Systems (ASes). An AS can be an Internet Service Provider (ISP), an important educational institution or a corporate network. Internet routing is implemented using a distributed system composed of many routers, grouped into administrative domains, the ASes. Routing information is exchanged between ASes using Border Gateway Protocol (BGP) that is an important component of the Internet and plays and important role in the wide structure of the Internet in these days. The Domain Name System (DNS) is an essential part of the Internet infrastructure and provides fundamental services, such as translating host names into IP addresses for Internet communication. Unfortunately, the DNS has few security safeguards. In particular,exist serious consequences for several web applications and for the control of this critical infrastructure. Imagine the economic impact if, for example, a DNS server redirect Amazon.com customers to a fake web site to which they submitted creditcard and personal information to complete their online purchases. In conjunction with various governments, research organizations, and the private sector, the Internet Engineering Task Force (IETF) has recently moved to address DNS securityissues through the development of a specification and associated protocol called DNS Security extensions (DNSSEC).
This thesis establish a new security proposal for BGP, with the use of DNSSEC. This thesis, is based in four different goals for secure BGP, these goals include the Authentication of AS Numbers and BGP speakers, the prefix ownership verification and finally the route validation. We establish the required parameters that could support our proposal with specific methods and approaches that benefit the use of DNS with DNSSEC as the database for the information of the interdomain. We also, find and establish a way to compare the three leading proposals with the new proposal that integrates BGP with DNSSEC