Pretty Secure BGP (psBGP)
                        Tao Wan
                      10:00-10:25 
        Digital Security Group, School of Computer Science,
                Carleton University, Ottawa, Canada
                http://www.scs.carleton.ca/~twan

It is well known that the Border Gateway Protocol (BGP) -- an IETF standard
inter-domain routing protocol -- is vulnerable to a variety of attacks, and
that a single misconfigured or malicious BGP speaker could result in large
scale service disruption.

In this talk, we present {\it Pretty Secure BGP (psBGP)} -- a recently
proposed (NDSS'05) solution for securing BGP. psBGP differs from other
security proposals (e.g., S-BGP and soBGP) in its use of a decentralized
trust model for verifying the propriety of IP prefix origin. Each AS issues
a Prefix Assertion List (PAL), listing the prefixes assigned to itself and
to some of its neighbors. Each AS independently builds an AS prefix graph,
which is then used for verifying the propriety of a prefix origin, along
with its local policies (e.g., its trust in those ASes involved in a prefix
assertion). We believe psBGP trades off the strong security guarantees of
S-BGP for what appears to be simpler operations, e.g., it uses a PKI with a
simple structure, having a small number of certificate types, and of
manageable size.