CR, Aug 31, 2020

APVAS: Reducing Memory Size of AS_PATH Validation by Using Aggregate Signatures

arXiv:2008.13346v1
Originality: Incremental advance
AI Analysis

This addresses a critical security and scalability issue for BGP routers in Internet infrastructure, though it appears incremental as it builds on existing BGPsec with a new signature scheme.

The paper tackles the memory consumption problem in BGPsec, a protocol for securing Internet routing, by proposing APVAS, a new validation method that reduces memory usage by 80% compared to conventional BGPsec.

The BGPsec protocol, which is an extension of the border gateway protocol (BGP), uses digital signatures to guarantee the validity of routing information. However, BGPsec's use of digital signatures in routing information causes a lack of memory in BGP routers and therefore creates a gaping security hole in today's Internet. This problem hinders the practical realization and implementation of BGPsec. In this paper, we present APVAS (AS path validation based on aggregate signatures), a new validation method that reduces memory consumption of BGPsec when validating paths in routing information. To do this, APVAS relies on a novel aggregate signature scheme that compresses individually generated signatures into a single signature in two ways, i.e., in sequential and interactive fashions. Furthermore, we implement a prototype of APVAS on BIRD Internet Routing Daemon and demonstrate its efficiency on actual BGP connections. Our results show that APVAS can reduce memory consumption by 80% in comparison with the conventional BGPsec.
