Protecting BGP from Invalid Paths
نویسندگان
چکیده
The Internet’s interdomain routing protocol, BGP, is vulnerable to a number of potentially crippling attacks. Many promising cryptography-based solutions have been proposed, but none have been embraced by the necessary communities to garner significant adoption. This is largely due to the difficulty of developing and maintaining the necessary PKI infrastructure and changes to the BGP protocol that the proposed solutions require. Alternative solutions such as anomaly detectors have been unable to provide the same level of security as the cryptographic mechanisms. In this paper we create an anomaly detector and response mechanism capable of automatically stopping the propagation of invalid path attacks, a difficult class of attacks to detect. Our solution provides comparable security to the cryptographic methods and could be readily deployed with a simple software upgrade in participating networks.
منابع مشابه
Inferring AS Relationships: Dead End or Lively Beginning?
Recent techniques for inferring business relationships between ASs [1, 2] have yielded maps that have extremely few invalid BGP paths in the terminology of Gao [3]. However, some relationships inferred by these newer algorithms are incorrect, leading to the deduction of unrealistic AS hierarchies. We investigate this problem and discover what causes it. Having obtained such insight, we generali...
متن کاملTraceroute and BGP AS Path Incongruities
Researchers investigating topics such as performance, stability, and growth of the Internet often turn to BGP routing tables to obtain Internet topology. BGP routing tables provide a mapping from address prefixes to autonomous system (AS) paths. Our study, based on hundreds of thousands of traceroutes from three locations worldwide, categorizes differences between AS paths obtained from BGP rou...
متن کاملAS-TRUST: A Trust Characterization Scheme for Autonomous Systems in BGP
Border Gateway Protocol (BGP) works by frequently exchanging updates which, disseminate reachability information (RI) about IP prefixes (i.e., address blocks) between Autonomous Systems (ASes) on the Internet. The current operation of BGP implicitly trusts the ASes to disseminate valid—accurate, stable and routing policy compliant — RI. This assumption is problematic as demonstrated by the rece...
متن کاملSign What You Really Care about - Secure BGP AS Paths Efficiently
The inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system, but forged routes generated by malicious attacks or misconfigurations may devastate the system. The security problem of BGP has attracted considerable attention, and although several solutions have been proposed, none of them have been widely deployed due to...
متن کاملR-BGP: Staying Connected in a Connected World
Many studies show that, when Internet links go up or down, the dynamics of BGP may cause several minutes of packet loss. The loss occurs even when multiple paths between the sender and receiver domains exist, and is unwarranted given the high connectivity of the Internet. Our objective is to ensure that Internet domains stay connected as long as the underlying network is connected. Our solution...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007