Results 11 - 20
of
141
A Light-Weight DIstributed Scheme for Detecting IP Prefix Hijacks in Real-Time
, 2007
"... As more and more Internet IP prefix hijacking incidents are being reported, the value of hijacking detection services has become evident. Most of the current hijacking detection approaches monitor IP prefixes on the control plane and detect inconsistencies in route advertisements and route qualities ..."
Abstract
-
Cited by 57 (3 self)
- Add to MetaCart
As more and more Internet IP prefix hijacking incidents are being reported, the value of hijacking detection services has become evident. Most of the current hijacking detection approaches monitor IP prefixes on the control plane and detect inconsistencies in route advertisements and route qualities. We propose a different approach that utilizes information collected mostly from the data plane. Our method is motivated by two key observations: when a prefix is not hijacked, 1) the hop count of the path from a source to this prefix is generally stable; and 2) the path from a source to this prefix is almost always a super-path of the path from the same source to a reference point along the previous path, as long as the reference point is topologically close to the prefix. By carefully selecting multiple vantage points and monitoring from these vantage points for any departure from these two observations, our method is able to detect prefix hijacking with high accuracy in a light-weight, distributed, and real-time fashion. Through simulations constructed based on real Internet measurement traces, we demonstrate that our scheme is accurate with both false positive and false negative ratios below 0:5%.
Oorschot. Pretty secure BGP (psBGP
- In The 12th Annual Network and Distributed System Security Symposium (NDSS’05
, 2005
"... The Border Gateway Protocol (BGP) is an IETF standard inter-domain routing protocol on the Internet. However, it is well known that BGP is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large scale service disruption. We first summarize a ..."
Abstract
-
Cited by 48 (4 self)
- Add to MetaCart
(Show Context)
The Border Gateway Protocol (BGP) is an IETF standard inter-domain routing protocol on the Internet. However, it is well known that BGP is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large scale service disruption. We first summarize a set of security goals for BGP, and then propose Pretty Secure BGP (ps-BGP) as a new security protocol achieving these goals. psBGP makes use of a centralized trust model for authenticating Autonomous System (AS) numbers, and a decentralized trust model for verifying the propriety of IP prefix origination. We compare psBGP with S-BGP and soBGP, the two leading security proposals for BGP. We believe psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operations, while requiring a different endorsement model: each AS must select a small number (e.g., one or two) of its peers from which to obtain endorsement of its prefix ownership assertions. This work contributes to the ongoing exploration of tradeoffs and balance between security guarantee, operational simplicity, and policies acceptable to the operator community. 1.
Modeling adoptability of secure BGP protocol
- In SIGCOMM
, 2006
"... Despite the existence of several secure BGP routing protocols, there has been little progress to date on actual adoption. Although feasi-bility for widespread adoption remains the greatest hurdle for BGP security, there has been little quantitative research into what prop-erties contribute the most ..."
Abstract
-
Cited by 48 (0 self)
- Add to MetaCart
(Show Context)
Despite the existence of several secure BGP routing protocols, there has been little progress to date on actual adoption. Although feasi-bility for widespread adoption remains the greatest hurdle for BGP security, there has been little quantitative research into what prop-erties contribute the most to the adoptability of a security scheme. In this paper, we provide a model for assessing the adoptability of a secure BGP routing protocol. We perform this evaluation by simulating incentives compatible adoption decisions of ISPs on the Internet under a variety of assumptions. Our results include: (a) the existence of a sharp threshold, where, if the cost of adoption is below the threshold, complete adoption takes place, while almost no adoption takes place above the threshold; (b) under a strong at-tacker model, adding a single hop of path authentication to origin authentication yields similar adoptability characteristics as a full path security scheme; (c) under a weaker attacker model, adding full path authentication (e.g., via S-BGP [9]) significantly improves the adoptability of BGP security over weaker path security schemes such as soBGP [16]. These results provide insight into the devel-opment of more adoptable secure BGP protocols and demonstrate the importance of studying adoptability of protocols.
Analyzing BGP Policies: Methodology and Tool
- in Proc. IEEE INFOCOM
, 2004
"... The robustness of the Internet relies heavily on the robustness of BGP routing. BGP is the glue that holds the Internet together: it is the common language of the routers that interconnect networks or Autonomous Systems(AS). The robustness of BGP and our ability to manage it effectively is hampered ..."
Abstract
-
Cited by 46 (2 self)
- Add to MetaCart
The robustness of the Internet relies heavily on the robustness of BGP routing. BGP is the glue that holds the Internet together: it is the common language of the routers that interconnect networks or Autonomous Systems(AS). The robustness of BGP and our ability to manage it effectively is hampered by the limited global knowledge and lack of coordination between Autonomous Systems. One of the few efforts to develop a globally analyzable and secure Internet is the creation of the Internet Routing Registries (IRRs). IRRs provide a voluntary detailed repository of BGP policy information. The IRR effort has not reached its full potential because of two reasons: a) extracting useful information is far from trivial, and b) its accuracy of the data is uncertain.
Rationality and Traffic Attraction: Incentives for Honest Path Announcements in BGP
, 2008
"... We study situations in which autonomous systems (ASes) may have incentives to send BGP announcements differing from the AS-level paths that packets traverse in the data plane. Prior work on this issue assumed that ASes seek only to obtain the best possible outgoing path for their traffic. In reality ..."
Abstract
-
Cited by 43 (7 self)
- Add to MetaCart
(Show Context)
We study situations in which autonomous systems (ASes) may have incentives to send BGP announcements differing from the AS-level paths that packets traverse in the data plane. Prior work on this issue assumed that ASes seek only to obtain the best possible outgoing path for their traffic. In reality, other factors can influence a rational AS’s behavior. Here we consider a more natural model, in which an AS is also interested in attracting incoming traffic (e.g., because other ASes pay it to carry their traffic). We ask what combinations of BGP enhancements and restrictions on routing policies can ensure that ASes have no incentive to lie about their data-plane paths. We find that protocols like S-BGP alone are insufficient, but that S-BGP does suffice if coupled with additional (quite unrealistic) restrictions on routing policies. Our game-theoretic analysis illustrates the high cost of ensuring that the ASes honestly announce data-plane paths in their BGP path announcements.
Spoofing prevention method
- In Proc. IEEE INFOCOM
, 2005
"... Abstract — A new approach for filtering spoofed IP packets, called Spoofing Prevention Method (SPM), is proposed. The method enables routers closer to the destination of a packet to verify the authenticity of the source address of the packet. This stands in contrast to standard ingress filtering whi ..."
Abstract
-
Cited by 42 (0 self)
- Add to MetaCart
(Show Context)
Abstract — A new approach for filtering spoofed IP packets, called Spoofing Prevention Method (SPM), is proposed. The method enables routers closer to the destination of a packet to verify the authenticity of the source address of the packet. This stands in contrast to standard ingress filtering which is effective mostly at routers next to the source and is ineffective otherwise. In the proposed method a unique temporal key is associated with each ordered pair of source destination networks (AS’s, autonomous systems). Each packet leaving a source network S is tagged with the key K(S, D), associated with (S, D), where D is the destination network. Upon arrival at the destination network the key is verified and removed. Thus the method verifies the authenticity of packets carrying the address s which belongs to network S. An efficient implementation of the method, ensuring not to overload the routers, is presented. The major benefits of the method are the strong incentive it provides to network operators to implement it, and the fact that the method lends itself to stepwise deployment, since it benefits networks deploying the method even if it is implemented only on parts of the Internet. These two properties, not shared by alternative approaches, make it an attractive and viable solution to the packet spoofing problem.
Aggregated path authentication for efficient BGP security
- IN ACM CONFERERNCE ON COMPUTER AND COMMUNICATION SECURITY (CCS
, 2005
"... The Border Gateway Protocol (BGP) controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to provide route authentication and mitigate many of these risks. However, many performance and de ..."
Abstract
-
Cited by 42 (1 self)
- Add to MetaCart
The Border Gateway Protocol (BGP) controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. Secure BGP (S-BGP) uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP’s real-world deployment. Previous work has explored improving S-BGP processing latencies, but space problems, such as increased message size and memory cost, remain the major obstacles. In this paper, we design aggregated path authentication schemes by combining two efficient cryptographic techniques— signature amortization and aggregate signatures. We propose six constructions for aggregated path authentication that substantially improve efficiency of S-BGP’s path authentication on both speed and space criteria. Our performance evaluation shows that the new schemes achieve such an efficiency that they may overcome the space obstacles and provide a real-world practical solution for BGP security.
Accountable Internet Protocol (AIP)
"... This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the corresponding entity. We discuss how AIP enables si ..."
Abstract
-
Cited by 40 (1 self)
- Add to MetaCart
(Show Context)
This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the corresponding entity. We discuss how AIP enables simple solutions to source spoofing, denial-of-service, route hijacking, and route forgery. We also discuss how AIP’s design meets the challenges of scaling, key management, and traffic engineering. Categories and Subject Descriptors C.2.6 [Internetworking]; C.2.1 [Computer-Communication
A study of prefix hijacking and interception in the internet
- In Proceedings of ACM SIGCOMM
, 2007
"... There have been many incidents of prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic. Alternatively, it can transparently intercept the hijacked traffic by forwarding it onto the owner. This paper presents a study of such prefix hijacking and interception with the ..."
Abstract
-
Cited by 39 (1 self)
- Add to MetaCart
(Show Context)
There have been many incidents of prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic. Alternatively, it can transparently intercept the hijacked traffic by forwarding it onto the owner. This paper presents a study of such prefix hijacking and interception with the following contributions: (1). We present a methodology for prefix interception, (2). We estimate the fraction of traffic to any prefix that can be hijacked and intercepted in the Internet today, (3). The interception methodology is implemented and used to intercept real traffic to our prefix, (4). We conduct a detailed study to detect ongoing prefix interception. We find that: Our hijacking estimates are in line with the impact of past hijacking incidents and show that ASes higher up in the routing hierarchy can hijack a significant amount of traffic to any prefix, including popular prefixes. A less apparent result is that the same holds for prefix interception too. Further, our implementation shows that intercepting traffic to a prefix in the Internet is almost as simple as hijacking it. Finally, while we fail to detect ongoing prefix interception, the detection exercise highlights some of the challenges posed by the prefix interception problem.
Topology-Based Detection of Anomalous BGP Messages
- In Proceedings of the 6th Symposium on Recent Advances in Intrusion Detection (RAID
, 2003
"... The Border Gateway Protocol (BGP) is a fundamental component of the current Internet infrastructure. Due to the inherent trust relationship between peers, control of a BGP router could enable an attacker to redirect trac allowing man-in-the-middle attacks or to launch a large-scale denial of ser ..."
Abstract
-
Cited by 38 (0 self)
- Add to MetaCart
(Show Context)
The Border Gateway Protocol (BGP) is a fundamental component of the current Internet infrastructure. Due to the inherent trust relationship between peers, control of a BGP router could enable an attacker to redirect trac allowing man-in-the-middle attacks or to launch a large-scale denial of service. It is known that BGP has weaknesses that are fundamental to the protocol design. Many solutions to these weaknesses have been proposed, but most require resource intensive cryptographic operations and modi cations to the existing protocol and router software. For this reason, none of them have been widely adopted. However, the threat necessitates an eective, immediate solution.
