ABSTRACT
As the rollout of secure route origin authentication with the RPKI slowly gains traction among network operators, there is a push to standardize secure path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin authentication already does much to improve routing security. Moreover, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in "partial deployment" alongside BGP for a long time. We therefore use a theoretical and experimental approach to study the security benefits provided by partially-deployed S*BGP, vis-a-vis those already provided by origin authentication. Because routing policies have a profound impact on routing security, we use a survey of 100 network operators to find the policies that are likely to be most popular during partial S*BGP deployment. We find that S*BGP provides only meagre benefits over origin authentication when these popular policies are used. We also study the security benefits of other routing policies, provide prescriptive guidelines for partially-deployed S*BGP, and show how interactions between S*BGP and BGP can introduce new vulnerabilities into the routing system.
BGP security in partial deployment: is the juice worth the squeeze?





