INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS
Ines Feki, Xiaoli Zheng, Mohammed Achemlal, Ahmed Serhrouchni
2006
Abstract
The Internet is composed of thousands of autonomous systems (AS). The Border Gateway Protocol (BGP) is the exterior routing protocol used to exchange network reachability information between the border routers of each AS. The correctness of the information exchanged in BGP messages is crucial to the Internet routing system. Unfortunately, BGP is vulnerable to several attacks with considerable impact on the routing system. Network prefix hijacking, where an AS illegitimately originates a prefix, is one of the most important. It lets the attacker receive traffic destined for the prefix owner; the attacker is then able to blackhole the traffic or to force it onto another path. Proposed solutions rely on public key infrastructures and cryptographic mechanisms to prevent the propagation of incorrect routing information. In practice these approaches involve many parties (Internet Service Providers, operators, vendors, and Regional Internet Registries) and are difficult to deploy. In this paper we formally define routing information correctness, in particular the legitimacy of an AS to originate a prefix. We also propose a method to associate with an AS a legitimacy level for originating a prefix. We use Regional Internet Registry databases to initialize this legitimacy level, and we use received announcements and public routing data to update it. Finally, we describe all conceivable reactions to origin AS changes.
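The abstract describes the mechanism at a high level: a legitimacy level per (prefix, origin AS), initialized from RIR data, updated from observed announcements, and consulted when the origin of a prefix changes. The following Python is an added illustration of that mechanism, not code from the paper or its authors. The RIR data is a constructed set of RPSL route objects (RFC 2622 `route:`/`origin:` attributes), the announcements are constructed, and the integer levels, the thresholds, the "stable origination raises the level" update rule and the reaction names are assumptions of this example; the paper's own parameters are not on this page.

```python
"""Origin-AS legitimacy tracking for BGP announcements (added illustration)."""
from ipaddress import IPv4Network, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample RIR data: RPSL route objects (RFC 2622), one object per
# (prefix, origin) pair, in the form an IRR whois query returns them.
RIR_DB = """\
route:   192.0.2.0/24
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64501

route:   198.51.100.0/24
origin:  AS64502
"""

# Levels are integers 0..10. Thresholds and update rule are assumptions of this
# example; the paper's own parameters are not on the page.
REGISTERED, UNREGISTERED, MAX_LEVEL = 10, 0, 10
STEP = 1       # gain each time an already accepted origination is seen again
TRUSTED = 5    # level at or above which an origin counts as legitimate


def parse_route_objects(text: str) -> Dict[IPv4Network, Set[int]]:
    """Map each registered prefix to the set of ASNs allowed to originate it."""
    registry: Dict[IPv4Network, Set[int]] = {}
    prefix: Optional[IPv4Network] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line ends an RPSL object
            prefix = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip().upper()
        if attr == "route":
            prefix = ip_network(value, strict=True)
            registry.setdefault(prefix, set())
        elif attr == "origin" and prefix is not None:
            registry[prefix].add(int(value[2:] if value.startswith("AS") else value))
    return registry


class OriginTracker:
    """Legitimacy level per (prefix, origin AS): initialised from the RIR data,
    raised by stable originations, consulted when the origin of a prefix changes."""

    def __init__(self, registry: Dict[IPv4Network, Set[int]]) -> None:
        self.registry = registry
        self.level: Dict[Tuple[IPv4Network, int], int] = {
            (p, a): REGISTERED for p, asns in registry.items() for a in asns}
        self.current: Dict[IPv4Network, int] = {}   # accepted origin per prefix
        self.events: List[str] = []                 # origin-change log

    def _initial_level(self, prefix: IPv4Network, origin: int) -> int:
        # A route object for the exact or a covering prefix legitimises the origin;
        # a more-specific announced by a foreign AS therefore starts at the bottom.
        for p, asns in self.registry.items():
            if p.supernet_of(prefix) and origin in asns:
                return REGISTERED
        return UNREGISTERED

    def _incumbent(self, prefix: IPv4Network) -> Optional[Tuple[IPv4Network, int]]:
        # Accepted origin for this prefix, else for its longest covering prefix.
        covering = [p for p in self.current if p.supernet_of(prefix)]
        if not covering:
            return None
        best = max(covering, key=lambda p: p.prefixlen)
        return best, self.current[best]

    def observe(self, prefix_str: str, origin: int) -> str:
        """Process one (prefix, origin AS) announcement and return the reaction."""
        prefix = ip_network(prefix_str, strict=True)
        key = (prefix, origin)
        self.level.setdefault(key, self._initial_level(prefix, origin))
        incumbent = self._incumbent(prefix)
        if incumbent is None or incumbent[1] == origin:
            reaction = "ACCEPT"
        else:
            new, old = self.level[key], self.level[incumbent]
            if new >= TRUSTED and old >= TRUSTED:
                reaction = "ACCEPT_ORIGIN_CHANGE"     # both legitimate, e.g. multi-origin
            elif new >= TRUSTED > old:
                reaction = "ACCEPT_RECLAIM"           # registered owner displaces weak one
            elif old >= TRUSTED > new:
                reaction = "REJECT_SUSPECTED_HIJACK"  # keep incumbent, do not install
            else:
                reaction = "ALERT_UNVERIFIED"         # neither trusted: flag, keep incumbent
            self.events.append(f"{prefix} AS{incumbent[1]} -> AS{origin}: {reaction}")
        if reaction.startswith("ACCEPT"):
            self.current[prefix] = origin
            self.level[key] = min(MAX_LEVEL, self.level[key] + STEP)
        return reaction
```

Two practitioner caveats follow from the design. First, the RIR data is taken at face value, and IRR route objects can be stale, missing or registered by the wrong party, which is why the example also lets an uncontested origination earn legitimacy over time instead of trusting the registry alone. Second, because only accepted originations gain level, a foreign AS that announces a prefix or a more-specific of it while a trusted origin is in place never climbs out of the untrusted band, but an attacker who announces first into an empty table is accepted until the registered owner appears; the choice of `STEP`, `TRUSTED` and any decay for origins that stop announcing is a policy decision this example does not settle.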
Paper Citation
in Harvard Style
Feki I., Zheng X., Achemlal M. and Serhrouchni A. (2006). INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 110-117. DOI: 10.5220/0002104201100117
in Bibtex Style
@conference{secrypt06,
author={Ines Feki and Xiaoli Zheng and Mohammed Achemlal and Ahmed Serhrouchni},
title={INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={110-117},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002104201100117},
isbn={978-972-8865-63-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS
SN - 978-972-8865-63-4
AU - Feki I.
AU - Zheng X.
AU - Achemlal M.
AU - Serhrouchni A.
PY - 2006
SP - 110
EP - 117
DO - 10.5220/0002104201100117