Results 1 - 10
of
70
SPV: Secure Path Vector Routing for Securing BGP
, 2004
"... As our economy and critical infrastructure increasingly relies on the Internet, the insecurity of the underlying border gateway routing protocol (BGP) stands out as the Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of BGP. Securing BGP has become a priority. I ..."
Abstract
-
Cited by 124 (8 self)
- Add to MetaCart
As our economy and critical infrastructure increasingly relies on the Internet, the insecurity of the underlying border gateway routing protocol (BGP) stands out as the Achilles heel. Recent misconfigurations and attacks have demonstrated the brittleness of BGP. Securing BGP has become a priority. In this paper, we focus on a viable deployment path to secure BGP. We analyze security requirements, and consider tradeoffs of mechanisms that achieve the requirements. In particular, we study how to secure BGP update messages against attacks. We design an efficient cryptographic mechanism that relies only on symmetric cryptographic primitives to guard an ASPATH from alteration, and propose the Secure Path Vector (SPV) protocol. In contrast to the previously proposed S-BGP protocol, SPV is around 22 times faster. With the current effort to secure BGP, we anticipate that SPV will contribute several alternative mechanisms to secure BGP, especially for the case of incremental deployments.
Bind: A fine-grained attestation service for secure distributed systems
- In In Proceedings of the 2005 IEEE Symposium on Security and Privacy
, 2005
"... In this paper, we propose BIND (Binding Instructions aNd Data), 1 a fine-grained attestation service for securing distributed systems. Code attestation has recently received considerable attention in trusted computing. However, current code attestation technology is relatively immature. First, due t ..."
Abstract
-
Cited by 98 (3 self)
- Add to MetaCart
(Show Context)
In this paper, we propose BIND (Binding Instructions aNd Data), 1 a fine-grained attestation service for securing distributed systems. Code attestation has recently received considerable attention in trusted computing. However, current code attestation technology is relatively immature. First, due to the great variability in software versions and configurations, verification of the hash is difficult. Second, the time-of-use and time-of-attestation discrepancy remains to be addressed, since the code may be correct at the time of the attestation, but it may be compromised by the time of use. The goal of BIND is to address these issues and make code attestation more usable in securing distributed systems. BIND offers the following properties: 1) BIND performs fine-grained attestation. Instead of attesting to the entire memory content, BIND attests only to the piece of code we are concerned about. This greatly simplifies verification. 2) BIND narrows the gap between time-ofattestation and time-of-use. BIND measures a piece of code immediately before it is executed and uses a sand-boxing mechanism to protect the execution of the attested code. 3) BIND ties the code attestation with the data that the code produces, such that we can pinpoint what code has been run to generate that data. In addition, by incorporating the verification of input data integrity into the attestation, BIND offers transitive integrity verification, i.e., through one signature, we can vouch for the entire chain of processes that have performed transformations over a piece of data. BIND offers a general solution toward establishing a trusted environment for distributed system designers.
A Survey of BGP Security Issues and Solutions
- AT&T Labs - Research, Florham Park, NJ
, 2004
"... The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failu ..."
Abstract
-
Cited by 69 (6 self)
- Add to MetaCart
(Show Context)
The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security.
Bgp routing policies in isp networks.
- Netwrk. Mag. of Global Internetwkg.,
, 2005
"... Abstract The Internet has quickly evolved into a vast global network owned and operated by thousands of different administrative entities. During this time, it became apparent that vanilla shortest-path routing would be insufficient to handle the myriad operational, economic, and political factors ..."
Abstract
-
Cited by 60 (3 self)
- Add to MetaCart
Abstract The Internet has quickly evolved into a vast global network owned and operated by thousands of different administrative entities. During this time, it became apparent that vanilla shortest-path routing would be insufficient to handle the myriad operational, economic, and political factors involved in routing. ISPs began to modify routing configurations to support routing policies, i.e. goals held by the router's owner that controlled which routes were chosen and which routes were propagated to neighbors. BGP, originally a simple path-vector protocol, was incrementally modified over time with a number of mechanisms to support policies, adding substantially to the complexity. Much of the mystery in BGP comes not only from the protocol complexity but also from a lack of understanding of the underlying policies and the problems ISPs face which they address. In this paper we shed light on goals operators have and their resulting routing policies, why BGP evolved the way it did, and how common policies are implemented using BGP. We also discuss recent and current work in the field that aims to address problems that arise in applying and supporting routing policies.
A Light-Weight DIstributed Scheme for Detecting IP Prefix Hijacks in Real-Time
, 2007
"... As more and more Internet IP prefix hijacking incidents are being reported, the value of hijacking detection services has become evident. Most of the current hijacking detection approaches monitor IP prefixes on the control plane and detect inconsistencies in route advertisements and route qualities ..."
Abstract
-
Cited by 57 (3 self)
- Add to MetaCart
As more and more Internet IP prefix hijacking incidents are being reported, the value of hijacking detection services has become evident. Most of the current hijacking detection approaches monitor IP prefixes on the control plane and detect inconsistencies in route advertisements and route qualities. We propose a different approach that utilizes information collected mostly from the data plane. Our method is motivated by two key observations: when a prefix is not hijacked, 1) the hop count of the path from a source to this prefix is generally stable; and 2) the path from a source to this prefix is almost always a super-path of the path from the same source to a reference point along the previous path, as long as the reference point is topologically close to the prefix. By carefully selecting multiple vantage points and monitoring from these vantage points for any departure from these two observations, our method is able to detect prefix hijacking with high accuracy in a light-weight, distributed, and real-time fashion. Through simulations constructed based on real Internet measurement traces, we demonstrate that our scheme is accurate with both false positive and false negative ratios below 0:5%.
A study of prefix hijacking and interception in the internet
- In Proceedings of ACM SIGCOMM
, 2007
"... There have been many incidents of prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic. Alternatively, it can transparently intercept the hijacked traffic by forwarding it onto the owner. This paper presents a study of such prefix hijacking and interception with the ..."
Abstract
-
Cited by 39 (1 self)
- Add to MetaCart
(Show Context)
There have been many incidents of prefix hijacking in the Internet. The hijacking AS can blackhole the hijacked traffic. Alternatively, it can transparently intercept the hijacked traffic by forwarding it onto the owner. This paper presents a study of such prefix hijacking and interception with the following contributions: (1). We present a methodology for prefix interception, (2). We estimate the fraction of traffic to any prefix that can be hijacked and intercepted in the Internet today, (3). The interception methodology is implemented and used to intercept real traffic to our prefix, (4). We conduct a detailed study to detect ongoing prefix interception. We find that: Our hijacking estimates are in line with the impact of past hijacking incidents and show that ASes higher up in the routing hierarchy can hijack a significant amount of traffic to any prefix, including popular prefixes. A less apparent result is that the same holds for prefix interception too. Further, our implementation shows that intercepting traffic to a prefix in the Internet is almost as simple as hijacking it. Finally, while we fail to detect ongoing prefix interception, the detection exercise highlights some of the challenges posed by the prefix interception problem.
NetReview: Detecting when interdomain routing goes wrong
"... Despite many attempts to fix it, the Internet’s interdomain routing system remains vulnerable to configuration errors, buggy software, flaky equipment, protocol oscillation, and intentional attacks. Unlike most existing solutions that prevent specific routing problems, our approach is to detect prob ..."
Abstract
-
Cited by 26 (13 self)
- Add to MetaCart
(Show Context)
Despite many attempts to fix it, the Internet’s interdomain routing system remains vulnerable to configuration errors, buggy software, flaky equipment, protocol oscillation, and intentional attacks. Unlike most existing solutions that prevent specific routing problems, our approach is to detect problems automatically and to identify the offending party. Fault detection is effective for a larger class of faults than fault prevention and is easier to deploy incrementally. To show that fault detection is useful and practical, we present NetReview, a fault detection system for the Border Gateway Protocol (BGP). NetReview records BGP routing messages in a tamper-evident log, and it enables ISPs to check each other’s logs against a high-level description of the expected behavior, such as a peering agreement or a set of best practices. At the same time, NetReview respects the ISPs ’ privacy and allows them to protect sensitive information. We have implemented and evaluated a prototype of NetReview; our results show that NetReview catches common Internet routing problems, and that its resource requirements are modest. 1
Open issues in interdomain routing: a survey
- IEEE Network
, 2005
"... Abstract—This paper surveys several research challenges in interdomain routing. We introduce and describe these challenges in a comprehensible manner, along with a review of the most compelling contributions and ongoing research efforts addressing each of the exposed issues. During this analysis we ..."
Abstract
-
Cited by 23 (3 self)
- Add to MetaCart
(Show Context)
Abstract—This paper surveys several research challenges in interdomain routing. We introduce and describe these challenges in a comprehensible manner, along with a review of the most compelling contributions and ongoing research efforts addressing each of the exposed issues. During this analysis we identify the relation between these research challenges and how they influence each other. We also present our perspectives on why these issues remain largely unsolved, and point out why some of the proposals made so far have not yet been adopted. We hope this could provide some insight on the future directions in this complex research area. Keywords-component; Interdomain Routing, BGP. I.
A distributed reputation approach to cooperative internet routing protection
- In Secure Network Protocols, 2005. (NPSec). 1st IEEE ICNP Workshop on
, 2005
"... The security of the Internet's interdomain rout-ing system hinges on whether autonomous systems (ASes) can trust the information they receive from each other via the Border Gateway Protocol (BGP). Frequently, this trust has been misguided, result-ing in wide-spread outages and signicant concern ..."
Abstract
-
Cited by 22 (2 self)
- Add to MetaCart
(Show Context)
The security of the Internet's interdomain rout-ing system hinges on whether autonomous systems (ASes) can trust the information they receive from each other via the Border Gateway Protocol (BGP). Frequently, this trust has been misguided, result-ing in wide-spread outages and signicant concerns about future attacks. Despite the seriousness of these problems, proposals for a more secure ver-sion of BGP have been stymied by serious imped-iments to practical deployment. Instead, we argue that the existing trust relationships between network operators (and the institutions they represent) are a powerful force for improving the security of BGP, without changing the underlying routing protocol. Our approach leverages ideas from online reputa-tion systems to allow ASes to form a peer-to-peer overlay that integrates results from local network-management tools for detecting attacks and con-guration errors. The proposed architecture is in-crementally deployable, protects against shilling at-tacks, and deters malicious operator behavior. 1
Secure Network Provenance
"... This paper introduces secure network provenance (SNP), a novel technique that enables networked systems to explain to their operators why they are in a certain state – e.g., why a suspicious routing table entry is present on a certain router, or where a given cache entry originated. SNP provides net ..."
Abstract
-
Cited by 16 (13 self)
- Add to MetaCart
(Show Context)
This paper introduces secure network provenance (SNP), a novel technique that enables networked systems to explain to their operators why they are in a certain state – e.g., why a suspicious routing table entry is present on a certain router, or where a given cache entry originated. SNP provides network forensics capabilities by permitting operators to track down faulty or misbehaving nodes, and to assess the damage such nodes may have caused to the rest of the system. SNP is designed for adversarial settings and is robust to manipulation; its tamper-evident properties ensure that operators can detect when compromised nodes lie or falsely implicate correct nodes. We also present the design of SNooPy, a general-purpose SNP system. To demonstrate that SNooPy is practical, we apply it to three example applications: the Quagga BGP daemon, a declarative implementation of Chord, and Hadoop MapReduce. Our results indicate that SNooPy can efficiently explain state in an adversarial setting, that it can be applied with minimal effort, and that its costs are low enough to be practical.
