Techniques dealing with adversaries can be classified as Key distribution based or Non-PKI based.
Key-distribution based: One class of mechanisms builds on cryptographic enhancements of the BGP protocol, for instance the security mechanisms proposed by Smith et al. [31], Murphy et al. [27], Kent et al. [24], and recent work on Secure Origin BGP [28]. All these protocols make extensive use of digital signatures and public key certification. More lightweight approaches based on cryptographic hash functions have been proposed e.g., by Hu et al. [20,22] in the context of secure routing in ad hoc networks. However, these mechanisms require prior secure distribution of hash chain elements.
Why not use a PKI-based infrastructure? Public key infrastructures impose a heavy technological and management burden, and have received a fair share of criticism e.g., by Davis [16], Ellison and Schneier [17]. The PKI model has been criticized based on technical grounds, on grounds of a lack of trust and privacy, as well as on principle [16,17,15]. Building an Internet wide PKI infrastructure incurs huge costs and has a high risk of failure. Secure-BGP, despite the push by a tier-1 ISP, has been deployed only by a very small number of ISPs after 5 years (though an IETF working group on Secure-BGP exists).
Non-PKI approaches: Non-PKI based solutions offer far less security in the face of deliberate attacks. Some of these mechanisms assume the existence of databases with up to date authoritative route information against which routers verify the route announcements that they receive. The Internet Routing Registry [4] and the Inter-domain Route Validation Service proposed by Goodell et al. [19] belong to this category. Here, the problem is to ascertain the authenticity, completeness, and availability of the information in such a database. First, ISPs only reluctantly submit routing information because this may disclose local policies that the ISPs regard as confidential. Second, the origin authentication of the database contents again demands a public key infrastructure [28]. Third, access to such databases relies on the very infrastructure that it is meant to protect, which is hardly an ideal situation.