Introduction
The article presents a secure architecture known as the Secure Border Gateway Protocol (S-BGP), which adds authorization and authentication to BGP and thereby reduces its associated security problems. The researchers confirm that BGP has been shown beyond a reasonable doubt to be susceptible to a variety of attacks. The article states clearly that the lack of a proper means to verify the authenticity and legitimacy of BGP control traffic has been the major contributing factor in the unending attacks on BGP. The article gives a clear overview of BGP, introducing the reader to how the protocol operates. According to the article, the two main vulnerabilities that BGP faces are attacks on the Internet Protocol (IP) and the unauthorized modification and replacement of BGP-related software. These weaknesses can lead to weaker user traffic and the misuse of network components. Moreover, the vulnerabilities can lead to congested networks and a breach of the rules that manage local routes. It is commendable that the article recognizes previous work on the security of routing protocols. However, it notes that no previous work had presented workable solutions to the security problems facing BGP.
Main body
The article proposes a number of countermeasures to address BGP security problems. S-BGP uses two PKIs to test the authenticity of BGP speakers. The PKIs are anchored on four types of X.509 (v3) certificates. This method requires every organization that has the right to own a section of the IP space to be issued with a certificate. The certificate proves ownership of a specific address. The article also advocates the use of attestations (address and route attestations) as further countermeasures to BGP-related problems. The other three measures proposed in the article are the validation of routes, the distribution of information on countermeasures, and the authentication of the router and IPsec.
The article makes a concerted effort to explain how the proposed countermeasures tackle the vulnerabilities that affect BGP. For example, the certificates are said to allow the verification of the advertisement of addresses and of an organization’s right to an AS number, among other things. The attestations help in authenticating the prefixes of the different IP addresses and in providing reports on the route path through the UPDATE protocol. IPsec, as explained in the article, gives the security provisions that are necessary for verifying the integrity of messages received by the BGP speaker.
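A sketch of how a receiving BGP speaker could check an UPDATE against address and route attestations, added here as an illustration and not taken from the reviewed article or from S-BGP itself. The AS numbers, prefix, keys and function names are constructed; HMAC-SHA256 stands in for the certificate-backed digital signatures, and having each attestation cover the path so far plus the next AS goes beyond the detail given above.

```python
import hashlib
import hmac

# Constructed per-AS keys. Assumption: HMAC-SHA256 stands in for the
# certificate-bound digital signatures of S-BGP, to stay stdlib-only.
KEYS = {a: f"constructed-key-{a}".encode() for a in (64496, 64497, 64498, 64511)}
# Constructed address attestations: prefix -> AS authorized to originate it.
ADDRESS_ATTESTATIONS = {"192.0.2.0/24": 64496}


def sign(signer, prefix, path, next_as):
    """Route attestation: signer vouches for (prefix, path so far, next AS)."""
    msg = f"{prefix}|{','.join(map(str, path))}|{next_as}".encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()


def originate(prefix, origin, next_as):
    """Origin AS builds the first UPDATE, addressed to next_as."""
    return {"prefix": prefix, "path": [origin],
            "attestations": [sign(origin, prefix, [origin], next_as)]}


def forward(update, me, next_as):
    """AS `me` appends itself (origin-first order) and attests to next_as."""
    path = update["path"] + [me]
    return {"prefix": update["prefix"], "path": path,
            "attestations": update["attestations"]
            + [sign(me, update["prefix"], path, next_as)]}


def validate(update, receiver):
    """Return (ok, reason) for an UPDATE received by AS `receiver`."""
    prefix, path, atts = update["prefix"], update["path"], update["attestations"]
    if not path or ADDRESS_ATTESTATIONS.get(prefix) != path[0]:
        return False, "origin AS not authorized for prefix"
    if len(atts) != len(path):
        return False, "missing route attestation"
    for i, asn in enumerate(path):
        if asn not in KEYS:
            return False, f"no key for AS{asn}"
        # Each hop must have authorized the next hop; the last one, the receiver.
        next_as = path[i + 1] if i + 1 < len(path) else receiver
        expected = sign(asn, prefix, path[:i + 1], next_as)
        if not hmac.compare_digest(expected, atts[i]):
            return False, f"bad attestation from AS{asn}"
    return True, "valid"
```

An UPDATE that drops an intermediate AS fails because the origin's attestation names a different next hop, which is the path-integrity property the route attestations provide.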
Despite the introduction of the S-BGP architecture, there are still other vulnerabilities that the system is unable to tackle. An example of such problems is the inability to address the misbehavior of a particular BGP speaker, leading to the suppression of various BGP messages.
Conclusion
In conclusion, the article focused on the ability of the countermeasures to tackle security problems. Focus shifted to analyzing the processing of the measures, the transmission bandwidth of the countermeasures, the storage capacity of the BGP router, and the transition issues related to the deployment of S-BGP. It is commendable that subsequent research was carried out in an effort to make BGP more secure.