Design Overview

• IPsec --> authenticity, integrity, and anti-replay protection of peer-to-peer communication

• Public Key Infrastructures (PKIs) --> secure identification of BGP speakers and of owners of ASes and of address blocks

• Attestations --> authorization of the subject (by the issuer) to advertise the specified address blocks, or ASes in the AS Path

  • Can also protect other Path Attributes

• Validation of UPDATEs using certificates and attestations

• Distribution of countermeasures information --> certificates, CRLs, attestations

Previous slide

Next slide

Back to first slide

View graphic version