Author(s)
Ouyang JUNJIE Naoto YANAI Tatsuya TAKEMURA Masayuki OKADA Shingo OKAMURA Jason Paul CRUZ
Publisher
The Institute of Electronics, Information and Communication Engineers
Journal
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
Volume / Issue / Pages / Publication date
vol.E106-A, no.3, pp.170-184, 2023-03-01

The BGPsec protocol, which is an extension of the border gateway protocol (BGP) for Internet routing known as BGPsec, uses digital signatures to guarantee the validity of routing information. However, the use of digital signatures in routing information on BGPsec causes a lack of memory in BGP routers, creating a gaping security hole in today's Internet. This problem hinders the practical realization and implementation of BGPsec. In this paper, we present APVAS (AS path validation based on aggregate signatures), a new protocol that reduces the memory consumption of routers running BGPsec when validating paths in routing information. APVAS relies on a novel aggregate signature scheme that compresses individually generated signatures into a single signature. Furthermore, we implement a prototype of APVAS on BIRD Internet Routing Daemon and demonstrate its efficiency on actual BGP connections. Our results show that the routing tables of the routers running BGPsec with APVAS have 20% lower memory consumption than those running the conventional BGPsec. We also confirm the effectiveness of APVAS in the real world by using 800,000 routes, which are equivalent to the full route information on a global scale.
Author(s)
Ouyang JUNJIE Naoto YANAI Tatsuya TAKEMURA Masayuki OKADA Shingo OKAMURA Jason PAUL CRUZ
Publisher
The Institute of Electronics, Information and Communication Engineers
Journal
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
Volume / Issue / Pages / Publication date
pp.2022CIP0024, (Released:2023-01-11)

Author(s)
Naoki Umeda Naoto Yanai Tatsuya Takemura Masayuki Okada Jason Paul Cruz Shingo Okamura
Publisher
Information Processing Society of Japan (IPSJ)
Journal
Journal of Information Processing Society of Japan (IPSJ Journal) (ISSN:18827764)
Volume / Issue / Pages / Publication date
vol.63, no.12, 2022-12-15

Border gateway protocol (BGP), which is known as a backbone protocol of the Internet, is constantly the target of many hijack attacks. To combat such attacks, many extensions of BGP have been developed to make BGP more secure. However, to perform experiments to evaluate their performance, most BGP extensions require the utilization of platforms, such as testbeds, with high operating costs. In this paper, we propose Scalable QUagga-based Automated Configuration on Bgp (SQUAB), a lightweight evaluation tool for protocols under development and for protocols that will be developed by a user with actual devices locally. SQUAB can configure BGP networks automatically, and thus it can significantly reduce the overhead of experiments on BGP and its extensions. Unlike conventional testbeds, SQUAB can set up BGP networks locally and its execution requires only a computational resource of a typical laptop computer. We used SQUAB in experiments to check the validity of functions based on network topologies in the real world. Our results show that SQUAB can configure a network composed of 50 routers within 52.9 seconds and consumes only 354.7 MB of memory. Furthermore, as a SQUAB application, we evaluate route convergence in networks mixing BGP and BGPsec and then show that route selection differs due to BGPsec while the convergence time is stable.

This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30 (2022) (online), DOI http://dx.doi.org/10.2197/ipsjjip.30.829