Achieving Inter-domain Routing Security Based on Distributed Translator Trust Model

Lingjing Kong, Hong Shen

To resolve the difficulties in deployment of the classic security solution S-BGP (Secure Border Gateway Protocol), the Translator Trust Model (TTM) for a new solution SE-BGP (Security Enhanced BGP) was proposed to transform the centralized deployment mode of S-BGP to distributed mode. However, the trust (attestations of routing information) translation of TTM only depends on a single hub node and this results in severe threats for the inter-domain routing system. To overcome the deficiencies of TTM, in this paper we improve TTM to Distributed TTM (DTTM) by expanding the single hub node to a set of selected multiple hub nodes; in our DTTM, the task of attestations is distributed over multiple hub nodes instead of on a single hub node. In order to make the hub nodes respond to the case of single node failures, we design a restoration mechanism to recover the network based on the neighbour-ring structure. Besides, we develop Cooperative Secure BGP (CSBGP) to realize DTTM in BGP. In comparison with SE-BGP, our experimental results show that CS-BGP achieves an improved scalability, reduced convergence time and enhanced security.