Optimizing BGP security by exploiting path stability

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2006, Pages 298-310

  Butler, Kevin ^a   McDaniel, Patrick ^a   Aiello, William ^b  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

BGP; Path stability; Routing; Security

Indexed keywords

COMPUTER SIMULATION; INTERNET; NETWORK PROTOCOLS; NETWORK ROUTING; RESOURCE ALLOCATION;

BGP; NETWORKING COMMUNITY; PATH STABILITY;

SECURITY OF DATA;

EID: 34547369855     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1180405.1180442     Document Type: Conference Paper

References (49)

1. W. Aiello, K. Butler, and P. McDaniel. Implications of Path Stability for Efficient Authentication in Interdomain Routing. Technical Report NAS-TR-0002-2004, Networking and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, Oct. 2004. Revised October 2005.
2. W. Aiello, J. Ioannidis, and P. McDaniel. Origin Authentication in Interdomain Routing. In Proceedings of ACM CCS '03, October 2003.
3. M. Baltatu, A. Lioy, F. Maino, and D. Mazzocchi. Security issues in control, management and routing protocols. Computer Networks (Amsterdam, Netherlands: 1999), 34(6):881-894, 2000. Elsevier Editions, Amsterdam.
4. A. Barbir, S. Murphy, and Y. Yang. Generic Threats to Routing Protocols (Draft). IETF, April 2004.
5. S. Bellovin, R. Bush, T. Griffin, and J. Rexford. Slowing routing table growth by filtering based on address allocation policies. http://www.research. att.com/jrex/, June 2001.
6. K. Butler, T. Farley, P. McDaniel, and J. Rexford. A Survey of BGP Security Issues and Solutions. Technical Report TD-5UGJ33, AT&T Labs - Research, Florham Park, NJ, Feb. 2004. (revised June 2004).
7. G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin. Working around BGP: An incremental approach to improving security and accuracy of interdomain routing. In Proceedings of NDSS '03, Feb. 2003.
8. M. Goodrich, R. Tamassia, and A. Schwerin. Implementation of an authenticated dictionary with skip lists and commutative hashing. In Proceedings of DARPA Information Survivability Conference and Exposition II (DISCEX). IEEE Computer Society Press, June 2001. Los Angeles, CA.
9. Y. Hu, A. Perrig, and D. Johnson. Efficient security mechanisms for routing protocols. In Proceedings of NDSS '03, Feb. 2003.
10. Y.-C. Hu, A. Perrig, and M. Sirbu. SPV: Secure Path Vector Routing for Securing BGP. In ACM SIGCOMM. ACM, August 2004.
11. G. Huston. BGP Reports, May 2005. http ://bgp.potaroo.net/.
12. IANA. Autonomous System. Numbers, March 2003.
13. ICANN. The Internet Corporation for Assigned Names and Numbers, July 2004. http://www.icann.org/.
14. J. Karlin, S. Forrest, and J. Rexford. Pretty Good BGP: Protecting BGP by Cautiously Selecting Routes. Technical Report TR-CS-2005-37, University of New Mexico, Albuquerque, NM, USA, Oct. 2005.
15. S. Kent. Securing the Border Gateway Protocol. The Internet Protocol Journal, 6(3), Sep. 2003.
16. S. Kent. Securing the Border Gateway Protocol: A status update. In Seventh IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Oct. 2003.
17. S. Kent, C. Lynn, J. Mikkelson, and K. Seo. Secure Border Gateway Protocol (S-BGP) Real World Performance and Deployment Issues. In Proceedings of NDSS '00, Feb. 2000.
18. S. Kent, C. Lynn, and K. Seo. Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 18(4), Apr. 2000.
19. C. Kruegel, D. Mutz, W. Robertson, and F. Valeur. Topology-based detection of anomalous BGP messages. In Proceedings of RAID '03, Sept. 2003.
20. L. Lamport. Password Authentication with Insecure Communication. Commun. ACM, 24(11):770-772, Nov. 1981.
21. X. Meng, Z. Xu, L. Zhang, and S. Lu. An analysis of BGP routing table evolution. Technical Report TR030046, Computer Science Department, UCLA, Jan. 2003.
22. Merit Network. The Internet Routing Registry, July 2004. http://www.irr.net/.
23. R. Merkle. Protocols for public key cryptosystems. Oakland, CA, Apr. 1980. IEEE Symposium on Research in Security and Privacy.
24. D. Meyer. The Route Views Project, Nov. 2006. http://www.routeviews.org/.
25. D. Meyer and A. Partan. BGP Security, Availability,and Operator Needs. NANOG 28, June 2003.
26. S. Murphy. BGP Security Vulnerabilities Analysis. RFC 4272, Jan. 2006.
27. M. Naor and K. Nissim. Certificate revocation and certificate update. In Proceedings of the 7th USENIX Security Symposium, Jan. 1998.
28. H. Narayan, R. Govindan, and G. Varghese. The impact of address allocation and routing on the structure and implementation of routing tables. In Proceedings of ACM SIGCOMM '03, Karlsruhe, Germany, Aug. 2003. ACM.
29. J. Ng. Extensions to BGP to support secure origin BGP (soBGP). Internet Draft, Oct. 2002.
30. D. Nicol, S. Smith, and M. Zhao. Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Modelling Practice and Theory, 12(3-4):187-216, July 2004.
31. O. Nordström and C. Dovrolis. Beware of BGP attacks. Computer Communications Review, 34(2):1-8, Apr. 2004.
32. Office of the President of the United States. Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program. National Strategy to Secure Cyberspace, Nov. 2004.
33. R. Permian. Network layer Protocols with Byzantine Robustness. PhD thesis, Massachusetts Institute of Technology, Cambridge, MA, Oct. 1988. MIT/LCS/TR-429.
34. J. Postel. Internet Protocol. RFC 791, Sept. 1981.
35. J. Postel. Transmission Control Protocol - DARPA Internet Protocol Program Specification. IETF, Sep. 1981. RFC 793.
36. J. Puig, M. Achemlal, E. Jones, and D. McPherson. Generic Security Requirements for Routing Protocols (Draft). IETF, July 2004.
37. Y. Rekhter and P. Gross. Application of the Border Gateway Protocol in the Internet. RFC 1772, Mar. 1995.
38. Y. Rekhter and T. Li. A Border Gateway Protocol 4 (BGP-4). RFC 4271, Jan. 2006.
39. J. Rexford, J. Wang, Z. Xiao, and Y. Zhang. BGP routing stability of popular destinations. In IMW '02: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, pages 197-202, New York, NY, USA, 2002. ACM Press.
40. R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120-126, Feb. 1978.
41. K. Seo, C. Lynn, and S. Kent. Public-Key Infrastructure for the Secure Border Gateway Protocol (S-BGP). In IEEE DARPA Information Survivability Conference and Exposition II, June 2001.
42. B. Smith and J. Garcia-Luna-Aceves. Securing the Border Gateway Routing Protocol. In Proceedings of IEEE Global Internet 1996, London, UK, Nov. 1996.
43. L. Subramanian, V. Roth, I. Stoica, S. Shenker, and R. Katz. Listen and Whisper: Security mechanisms for BGP. In Proceedings of NSDI'04, Mar. 2004.
44. S. Teoh, K. Ma, S. Wu, D. Pei, L. Wang, L. Zhang, D. Massey, and R. Bush. Visual-Based Anomaly Detection for BGP Origin AS Change (OASC) Events. In Proceedings of IEEE/IFIP DSOM '03, October 2003.
45. T. Wan, E. Kranakis, and P. C. van Oorschot. Pretty Secure BGP (psBGP). In Proc. of NDSS '05. Internet Society (ISOC), Feb. 2005.
46. L. Wang, X. Zhao, D. Pei, R. Bush, D. Massey, A. Mankin, S. F. Wu, and L. Zhang. Protecting BGP Routes to Top Level DNS Servers. In Proceedings of the 23rd International Conference on Distributed Computing Systems (ICDCS), May 2003.
47. K. Zhang, S.-T. Teoh, S.-M. Tseng, C-N. Chuah, K.-L. Ma, and F. Wu. Performing BGP experiments on a semi-realistic internet environment. North American Network Operators Group (NANOG), October 2004.
48. X. Zhang, S. Wu, Z. Fu, and T.-L. Wu. Malicious Packet Dropping: How It Might Impact the TCP Performance and How We Can Detect It. In Proceedings of ICNP 2000, Nov. 2000.
49. M. Zhao, S. W. Smith, and D. M. Nicol. Aggregated path authentication for efficient BGP security. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05), Nov. 2005. Alexandria, VA, USA.