Abstract
The global economy and society increasingly depend on computer networks linked together by the Internet. The importance of computer networks reaches far beyond the telecommunications sector since they have become a critical factor for many other crucial infrastructures and markets. With threats mounting and security incidents becoming more frequent, concerns about network security grow.
It is an acknowledged fact that some of the most fundamental network protocols that make the Internet work are exposed to serious threats. One of them is the Border Gateway Protocol (BGP), which determines how Internet traffic is routed through the topology of administratively independent networks that make up the Internet. Despite the existence of a steadily growing number of BGP security proposals, to date none of them has been adopted.
Using a precise definition of BGP robustness, we experimentally show that the degree of robustness is distributed unequally across the administrative domains of the Internet, the so-called Autonomous Systems (ASes). The experiments confirm the intuition that the contribution ASes are able to make towards securing the correct working of the inter-domain routing infrastructure by deploying countermeasures against routing attacks differs depending on their position in the AS topology. We also show that the degree of this asymmetry can be controlled by the choice of the security strategy. We compare the strengths and weaknesses of two fundamentally different approaches to increasing BGP's robustness, which we term ingress and egress detection of false route advertisements, and indicate their implications. Our quantitative results have important implications for Internet security policy, in particular with respect to the crucial question of where to start the deployment of which type of security scheme in order to maximize the Internet's robustness to routing attacks.
Index Terms
Comparing ingress and egress detection to secure interdomain routing: An experimental analysis