ABSTRACT
Despite the existence of several secure BGP routing protocols, there has been little progress to date on actual adoption. Although feasibility for widespread adoption remains the greatest hurdle for BGP security, there has been little quantitative research into what properties contribute the most to the adoptability of a security scheme. In this paper, we provide a model for assessing the adoptability of a secure BGP routing protocol. We perform this evaluation by simulating incentive-compatible adoption decisions of ISPs on the Internet under a variety of assumptions. Our results include: (a) the existence of a sharp threshold, where, if the cost of adoption is below the threshold, complete adoption takes place, while almost no adoption takes place above the threshold; (b) under a strong attacker model, adding a single hop of path authentication to origin authentication yields adoptability characteristics similar to those of a full path security scheme; (c) under a weaker attacker model, adding full path authentication (e.g., via S-BGP [9]) significantly improves the adoptability of BGP security over weaker path security schemes such as soBGP [16]. These results provide insight into the development of more adoptable secure BGP protocols and demonstrate the importance of studying adoptability of protocols.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
[3] G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin. Working around BGP: An incremental approach to improving security and accuracy in interdomain routing. In Proceedings of symposium on Network and Distributed System Security (NDSS'03), February 2003.
[4] Xinming He, Christos Papadopoulos, and Pavlin Radoslavov. A framework for incremental deployment strategies for router-assisted services. In INFOCOM, 2003.
[6] Yih-Chun Hu, Adrian Perrig, Marvin Sirbu, SPV: secure path vector routing for securing BGP, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
[8] S. Kent, C. Lynn, J. Mikkelson, and K. Seo. Secure border gateway protocol (S-BGP) - real world performance and deployment issues. In Symposium on Network and Distributed Systems Security (NDSS '00), pages 103-116, San Diego, CA, February 2000.
[9] S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 18(4):582-592, April 2000.
[10] C. Kruegel, D. Mutz, W. Robertson, and F. Valeur. Topology-based detection of anomalous BGP messages. In Proceedings of the 6th Symposium on Recent Advances in Intrusion Detection (RAID), 2003.
[12] S. Murphy. BGP Security Vulnerabilities Analysis. IETF draft-ietf-idr-bgp-vuln-00, February 2002.
[13] William B. Norton. Internet service providers and peering. In Proceedings of NANOG 19, Albuquerque, New Mexico, June 2000.
[14] L. Subramanian, V. Roth, I. Stoica, S. Shenker, and R. Katz. Listen and whisper: Security mechanisms for BGP. In Proc. of the First Symposium on Networked Systems Design and Implementation (NSDI'04), 2004.
[15] T. Wan, E. Kranakis, and P. van Oorschot. Pretty secure BGP (psBGP). In Proc. of Internet Society Symposium on Network and Distributed System Security (NDSS'05), 2005.
[16] R. White. Securing BGP through secure origin BGP. Technical report, Cisco Internet Protocol Journal, September 2003.
[17] J. Winick and S. Jamin. Inet 3.0: Internet topology generator. Technical Report CSE-TR-456-02, University Of Michigan, 2002.
[18] Harlan Yu, Jennifer Rexford, and Edward W. Felten. A distributed reputation approach to cooperative internet routing protection. In Workshop on Secure Network Protocols, 2005.
[19] E. Zegura, K. Calvert, and S. Bhattacharjee. How to model an internetwork. In Proceedings of IEEE Infocom '96, 1996.
[20] Yin Zhang, Matthew Roughan, Nick Duffield, Albert Greenberg, Fast accurate computation of large-scale IP traffic matrices from link loads, Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 11-14, 2003, San Diego, CA, USA
[22] Xiaoliang Zhao, Dan Pei, Lan Wang, Dan Massey, Allison Mankin, Shyhtsun Felix Wu, Lixia Zhang, Detection of Invalid Routing Announcement in the Internet, Proceedings of the 2002 International Conference on Dependable Systems and Networks, p.59-68, June 23-26, 2002
CITED BY 4
Xin Liu, Ang Li, Xiaowei Yang, David Wetherall, Passport: secure and adoptable source authentication, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.365-378, April 16-18, 2008, San Francisco, California