TR-2010005: Securing BGP through Existing Infrastructure and Contractual Chains (CCBGP)

نویسندگان

  • Yuri Cantor
  • Nancy Griffeth
  • Bilal Khan
  • Ping Ji
چکیده

This paper proposes a novel approach that draws upon the existing architecture and contractual relationships and compares the approach to the main existing techniques for securing BGP against prefix hijacking. We define prefix hijacking as usurping control of IP prefixes through the manipulation of BGP routing tables resulting in a redirection of network traffic away from a correct route to a prefix, which traverses all and only the ASes in the route advertisements and abides by BGP policy finally terminating at the AS that owns that prefix route, and onto another route. We further refine our definition to not include those attacks where the attacking AS lies along the correct path but does not actually route packets as it advertises. Our novel approach, termed Contractual Chained BGP, completely eliminates prefix hijacking under certain plausible assumptions and provides support for accountability in the form of forensic traceback. CCBGP applies contracts to build a transient chain of links between AS neighbors and neighbors of neighbors. Because the links are transient, each AS need only be aware of the links in its contractual sphere. Keeping the contractual sphere small limits the computational requirements of creating a chain link while the overlap of the links provides the security of a complete chain.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Securing BGP Through Existing Infrastructure and Contractual Chains (CCBGP)

This paper proposes a novel approach that draws upon the existing architecture and contractual relationships and compares the approach to the main existing techniques for securing BGP against prefix hijacking. We define prefix hijacking as usurping control of IP prefixes through the manipulation of BGP routing tables resulting in a redirection of network traffic away from a correct route to a p...

متن کامل

Securing BGP - A Literature Survey

The Border Gateway Protocol (BGP) is the Internet’s inter-domain routing protocol. One of the major concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet is vulnerable to various forms of attack. This paper examines the Internet’s routing architecture and the design of BGP in particular, and surveys the work to date on sec...

متن کامل

A Survey of BGP Security

The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance BGP has been historically acceptable, there are mounting concerns about its ability to meet the needs of the rapidly evolving Internet. A central limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the In...

متن کامل

Securing BGP Using External Security Monitors

Security modifications to legacy network protocols are expensive and disruptive. This paper outlines an approach, based on external security monitors, for securing legacy protocols by deploying additional hosts that locally monitor the inputs and outputs of each host executing the protocol, check the behavior of the host against a safety specification, and communicate using an overlay to alert ...

متن کامل

Security in Interdomain Routing

Current interdomain routing protocols are limited in implementations of universal security. Because of this, the Internet is vulnerable to many attacks at the AS to AS routing infrastructure. Such attacks can result in Internet outages, manipulation or exposure of Internet traffic, or the loss of control over Internet address space. BGP is the protocol that enables interdomain routing in the In...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2016