Many computer networks, including the Internet, may establish connections between a source and a destination through one or more routers. These routers may operate according to one of a variety of protocols, most commonly Border Gateway Protocol (BGP), Exterior Gateway Protocol (EGP), Intermediate System to Intermediate System (IS-IS), Open Shortest Path First (OSPF), or Routing Information Protocol (RIP). BGP is the de facto routing protocol of the global Internet, connecting Autonomous Systems (ASes) belonging to different administrative domains. Under BGP, routing decisions are made based on local preference, multi-exit discriminator (MED), AS path length, and other network policies or rulesets.
Usually, and in particular with BGP, the routers communicate with one another to exchange routing information. For example, a router may “advertise” a particular route to peer routers. The peer routers may receive the advertised route, and may adopt the advertised route to replace existing route information if, for example, the advertised route is shorter or the advertising router is a trusted source. In turn, these peer routers may further advertise the particular route to other routers.
Known methods of exchanging such routing information are insecure. For example, according to BGP, routes may be received and adopted without verification of their accuracy or authenticity. If an invalid route is adopted, it may result in failure to establish communication between a source and a destination. Worse, the invalid route may be advertised to peer routers and adopted by the peer routers. For networks such as the Internet, where numerous routers are involved and thousands of people may attempt to access a website at one time, such failure to establish communication can be widespread. Accordingly, a security model for use in such networks is desired.
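The adoption and re-advertisement behaviour described above can be reproduced in a small simulation. The following Python code is an added example, not part of the original text: the topology, AS numbers, prefix, and the `origin_is_authorized` check (a table of which AS may originate a prefix) are constructed assumptions, and route selection is reduced to AS path length only.

```python
from collections import deque

# Constructed topology: AS number -> peer AS numbers (private-use ASNs, hypothetical).
PEERS = {
    64500: [64501],
    64501: [64500, 64502],
    64502: [64501, 64503, 64510],
    64503: [64502],
    64510: [64502],
}
PREFIX = "192.0.2.0/24"
# Assumed verification data: which AS is allowed to originate each prefix.
AUTHORIZED_ORIGIN = {PREFIX: 64500}


def origin_is_authorized(prefix, path):
    """Hypothetical check: the last AS in the path must be the authorized origin."""
    return AUTHORIZED_ORIGIN.get(prefix) == path[-1]


def propagate(tables, origin_as, prefix, verify=None):
    """Flood an advertisement from origin_as; return the ASes that adopted it."""
    adopted = set()
    tables[origin_as][prefix] = [origin_as]
    queue = deque((peer, [origin_as]) for peer in PEERS[origin_as])
    while queue:
        router, path = queue.popleft()
        if router in path:                      # AS-path loop prevention
            continue
        if verify is not None and not verify(prefix, path):
            continue                            # rejected: not adopted, not re-advertised
        current = tables[router].get(prefix)
        if current is not None and len(current) <= len(path):
            continue                            # only a shorter path replaces an existing route
        tables[router][prefix] = path
        adopted.add(router)
        new_path = [router] + path              # prepend own AS before re-advertising
        queue.extend((peer, new_path) for peer in PEERS[router])
    return adopted


def simulate(verify=None):
    """Announce PREFIX from its real origin, then from AS 64510; return who adopts the latter."""
    tables = {asn: {} for asn in PEERS}
    propagate(tables, 64500, PREFIX, verify)
    return propagate(tables, 64510, PREFIX, verify)
```

Without a check, AS 64502 replaces its two-hop route with the shorter invalid one and passes it on to AS 64503; with the check, the invalid advertisement is dropped at the first peer and spreads no further.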