S-BGP Design Overview

• IPsec: authenticity and integrity of peer-to-peer communication, automated key management

• Public Key Infrastructures (PKIs): secure identification of BGP speakers and of owners of AS’s and of address blocks

• Attestations --> authorization of the subject (by the issuer) to advertise specified address blocks

• Validation of UPDATEs based on a new path attribute, using certificates and attestations

• Distribution of countermeasure data: certificates, CRLs, attestations

Previous slide

Next slide

Back to first slide

View graphic version