PHAS: A Prefix Hijack Alert System
- SECURITY '06, 2006
- Cited by 52 (7 self)
In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.
Pretty Good BGP: Improving BGP by cautiously adopting routes
- In Proc. International Conference on Network Protocols, 2006
- Cited by 44 (7 self)
The Internet’s interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. While experts debate whether such a large deployment is feasible, networks remain vulnerable to false information injected into BGP. However, BGP routers could avoid selecting and propagating these routes if they were cautious about adopting new reachability information. We describe a protocol-preserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into a large-scale Internet attack. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40% of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.
Don’t Secure Routing Protocols, Secure Data Delivery
- In Proc. 5th ACM Workshop on Hot Topics in Networks (Hotnets-V), 2006
- Cited by 34 (9 self)
Internet routing and forwarding are vulnerable to attacks and misconfigurations that compromise secure communications
A Survey of BGP Security Issues and Solutions
- AT&T Labs - Research, Florham Park, NJ, 2004
- Cited by 32 (4 self)
The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security.
Optimizing BGP security by exploiting path stability
- In ACM CCS, 2006
- Cited by 16 (1 self)
The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol on the Internet. While the serious vulnerabilities of BGP are well known, no security solution has been widely deployed. The lack of adoption is largely caused by a failure to find a balance between deployability, cost, and security. In this paper, we consider the design and performance of BGP path authentication constructions that limit resource costs by exploiting route stability. Based on a year-long study of BGP traffic and indirectly supported by findings within the networking community, we observe that routing paths are highly stable. This observation leads to comprehensive and efficient constructions for path authentication. We empirically analyze the resource consumption of the proposed constructions via trace-based simulations. This latter study indicates that our constructions can reduce validation costs by as much as 97.3% over existing proposals while requiring nominal storage resources. We conclude by considering operational issues related to incremental deployment of our solution.
Using Link Cuts to Attack Internet Routing
- Tech. Rep., ATT Research, 2004, Work in Progress 2003 USENIX, 2003
- Cited by 14 (1 self)
traffic past an enemy-controlled point for purposes of eavesdropping or connection-hijacking, have long been known. In principle, at least, these attacks can be countered by use of appropriate authentication techniques. We demonstrate a new attack, based on link-cutting, that cannot be countered in this fashion. Armed with a topology map and a list of already-compromised links and routers, an attacker can calculate which links to disable, in order to force selected traffic to pass the compromised elements. The calculations necessary to launch this attack are quite efficient; in our implementation, most runs took less than half a second, on databases of several hundred nodes. We also suggest a number of work-arounds, including one based on using intrusion detection systems to modify routing metrics.
Implications of the Topological Properties of Internet Traffic on Traffic Engineering
- 2004
- Cited by 11 (6 self)
In this paper we study the behavior of Internet traffic on the AS-level topology and discuss its implications on interdomain traffic engineering. We rely on two notable interdomain traffic traces, the first is one month long and the other is one day long. This study shows that interdomain paths are stable for a large majority of the traffic from a routing viewpoint. We show that the aggregation of the traffic occurring on the AS-level graph is essentially limited to direct peers, with almost no aggregation occurring at larger AS hop distances. Furthermore, only part of the AS paths of the AS-level topology that see a lot of traffic are stable, when considering their presence among the largest AS paths on an hourly basis. Relying on the largest AS paths in traffic over a time window to capture the traffic over the next time interval discloses the important variability of the traffic seen by the largest AS paths in traffic. Interdomain traffic engineering is hence due to be difficult because of the limited traffic aggregation on the AS-level topology and the important topological variability of the traffic for a significant percentage of the total traffic.
Implications of Traffic Characteristics on Interdomain Traffic Engineering
- 2004
- Cited by 4 (2 self)
The Internet routing system today is divided into two views:...

