We present novel and practical techniques to accurately detect IP prefix hijacking attacks in real time to facilitate mitigation. Attacks may hijack victim’s address space to disrupt network services or perpetrate malicious activities such as spamming and DoS attacks without disclosing identity. We propose novel ways to significantly improve the detection accuracy by combining analysis of passively collected BGP routing updates with data plane fingerprints of suspicious prefixes. The key insight is to use data plane information in the form of edge network fingerprinting to disambiguate suspect IP hijacking incidences based on routing anomaly detection. Conflicts in data plane fingerprints provide much more definitive evidence of successful IP prefix hijacking. Utilizing multiple real-time BGP feeds, we demonstrate the ability of our system to distinguish between legitimate routing changes and actual attacks. Strong correlation with addresses that originate spam emails from a spam honeypot confirms the accuracy of our techniques.

The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security.

Despite the existence of many security schemes for BGP with varying properties, to date there has been little progress on actual BGP security adoption. Although feasibility for widespread adoption remains the greatest hurdle for BGP security, there has been little quantitative research into what exactly improves the adoptability of a security scheme. To the best of our knowledge, we provide the first model for characterizing the adoptability of a protocol. Furthermore, we present an approach for performing this evaluation by simulating incentives compatible adoption decisions of ISPs on the Internet under a variety of assumptions. Our extensive evaluation results include: (a) the existence of a sharp threshold, where, if the cost of adoption is below the threshold, complete adoption takes place, while almost no adoption takes place above the threshold; (b) under a strong attacker model, adding a single hop of path authentication to origin authentication yields similar adoptability characteristics as a full path security scheme; (c) under a weaker attacker model, adding full path authentication (e.g., via S-BGP [10]) significantly improves the adoptability of BGP security over weaker path security schemes such as soBGP [18]. These results provide insight into the development of more adoptable secure BGP protocols and demonstrate the importance of studying adoptability of protocols. 1

A prefix hijack attack involves an attacker announcing victim networks ’ IP prefixes into the global routing system. As a result, data traffic from portions of the Internet can be diverted to attacker networks. Prefix hijack attacks are a serious security threat in the Internet and it is important to understand the factors that affect the resiliency of victim networks against these attacks. In this paper, we conducted a systematic study to gauge the effectiveness of prefix hijacks launched at different locations in the Internet topology. Our study shows that direct customers of multiple tier-1 networks are the most resilient, even more than the tier-1 networks themselves. Conversely, if these customer networks are used to launch prefix hijacks, they would also be the most effective launching pads for attacks. We verified our results through case studies using real prefix hijack incidents that had occurred in the Internet. 1

The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol on the Internet. While the serious vulnerabilities of BGP are well known, no security solution has been widely deployed. The lack of adoption is largely caused by a failure to find a balance between deployability, cost, and security. In this paper, we consider the design and performance of BGP path authentication constructions that limit resource costs by exploiting route stability. Based on a year-long study of BGP traffic and indirectly supported by findings within the networking community, we observe that routing paths are highly stable. This observation leads to comprehensive and efficient constructions for path authentication. We empirically analyze the resource consumption of the proposed constructions via trace-based simulations. This latter study indicates that our constructions can reduce validation costs by as much as 97.3 % over existing proposals while requiring nominal storage resources. We conclude by considering operational issues related to incremental deployment of our solution.

Abstract—The future metropolitan-area wireless mesh networks (WMNs) are expected to contain compromise-prone Mesh Access Points (MAPs) with a high frequency of inter-domain roaming/handoff events. This paper introduces a novel secure localized authentication and billing (SLAB) scheme, which aims to address both security guarantee and performance in terms of system compromise resilience capability, inter-domain handoff authentication latency, and workload of the roaming broker (RB). With extensive analysis and simulation, we demonstrate that the proposed scheme can be a practical solution for achieving secure roaming and billing in metropolitan-area WMNs. Index Terms—Wireless mesh networks, security, inter-domain handoff, authentication and billing. I.

In this paper, we describe the notion of signature chaining which was originally proposed in [1]. Signature chaining is essentially a method of generating proxy signatures. However, the di#erence from most proxy schemes is that in a chained signature, the proxies are generated sequentially rather than in parallel. The purpose of a chaining scheme is to `link' many proxies in a chain of trust. We propose an e#cient protocol using aggregate signatures that enables this to be done in an e#cient and non-interactive manner. Our protocol is based on bilinear pairings and is secure against chosen ciphertext attacks under the Di#e Hellman assumption.

Prefix hijacking, a misbehavior in which a misconfigured or malicious BGP router originates an IP prefix that the router does not own, is becoming an increasingly serious security problem on the Internet. In this paper, we conduct a first comprehensive study on incrementally deployable mitigation solutions against prefix hijacking. We first propose a novel reactive detection-assisted solution based on the idea of bogus route purging and valid route promotion. Our simulations based on realistic settings show that purging bogus routes at 20 highest-degree ASes reduces the polluted portion of the Internet by a random prefix hijack from 50% down to 24%, and adding promotion further reduces the remaining pollution by 33 % ∼ 57%, We prove that our proposed route purging and promotion scheme preserve the convergence properties of BGP regardless of the number of promoters. We are the first to demonstrate that detection systems based on a limited number of BGP feeds are subject to detection evasion by hijackers. Motivated the need for proactive defenses to complement reactive mitigation response, we evaluate customer route filtering, a best common practice among large ISPs today, and show its limited effectiveness. We also show the added benefits of combining route purging-promotion with customer route filtering.

Abstract. In 2003, Boneh, Gentry, Lynn and Shacham (BGLS) devised the first provably-secure aggregate signature scheme. Their scheme uses bilinear pairings and their security proof is in the random oracle model. The first pairing-based aggregate signature scheme which has a security proof that does not make the random oracle assumption was proposed in 2006 by Lu, Ostrovsky, Sahai, Shacham and Waters (LOSSW). In this paper, we compare the security and efficiency of the BGLS and LOSSW schemes when asymmetric pairings derived from Barreto-Naehrig (BN) elliptic curves are employed. 1.

Abstract — As the major component of Internet routing infrastructure, the Border Gateway Protocol (BGP) is vulnerable to malicious attacks. While Secure BGP (S-BGP) provides a comprehensive framework to secure BGP, its high computational cost and low incremental deployment benefits seriously impede its wide usage in practice. Using a lightweight symmetric signature scheme, SPV is much faster than S-BGP. However, the speed boost comes at the price of prohibitively large signatures. Aggregated path authentication reduces the overhead of securing BGP in terms of both time and space, but the speed improvement is still limited by public key computation. In this paper, we propose a simple keychain-based signature scheme called KC-x, which has low CPU and memory overheads and provides strong incentive for incremental deployment over the Internet. As a generic framework, KC-x has the flexibility of using different signature algorithms. We implement two realizations of KC-x. One is based on RSA called KC-RSA, and the other is based on Merkle hash tree called KC-MT. After characterizing the overheads of KC-RSA and KC-MT, we evaluate their performance with real BGP workloads. Our experimental results show that KC-RSA is as efficient as SAS-V 1, and KC-MT is even 3-fold faster than SPV with a 40 % smaller signature. Through the hybrid deployment of KC-MT and KC-RSA, KC-x can achieve both small signature and high processing rate for BGP speakers. I.