APVAS: Reducing Memory Size of AS_PATH Validation by Using Aggregate Signatures

08/31/2020
by Ouyang Junjie, et al.

The BGPsec protocol, which is an extension of the Border Gateway Protocol (BGP), uses digital signatures to guarantee the validity of routing information. However, BGPsec's use of digital signatures in routing information causes a lack of memory in BGP routers and therefore creates a gaping security hole in today's Internet. This problem hinders the practical realization and implementation of BGPsec. In this paper, we present APVAS (AS path validation based on aggregate signatures), a new validation method that reduces the memory consumption of BGPsec when validating paths in routing information. To do this, APVAS relies on a novel aggregate signature scheme that compresses individually generated signatures into a single signature in two ways, i.e., in sequential and interactive fashions. Furthermore, we implement a prototype of APVAS on the BIRD Internet Routing Daemon and demonstrate its efficiency on actual BGP connections. Our results show that APVAS can reduce memory consumption by 80% in comparison with conventional BGPsec.
