A survey of security techniques for the Border Gateway Protocol (BGP)

IEEE Communications Surveys and Tutorials

Volumn 11, Issue 1, 2009, Pages 52-65

  Nicholes, Martin O ^a   Mukherjee, Biswanath ^a  

^a Davis   (United States)

Author keywords

Bgp routing; Bgp security; Border gateway protocol (bgp); Index terms internet; Survey

Indexed keywords

AUTONOMOUS SYSTEMS; BGP ROUTING; BGP SECURITY; BORDER GATEWAY PROTOCOL; BORDER GATEWAY PROTOCOL (BGP); CORE INTERNET; DATA-PLANE TESTING; INDEX TERMS-INTERNET; INTERNET APPLICATION; LOCAL NETWORKS; NETWORK-CONTROLLED; ROUTING INFORMATION; WEB SURFING;

INTERNET; INTERNET PROTOCOLS; NETWORK SECURITY; ROUTING PROTOCOLS; SERVERS; SURVEYS;

GATEWAYS (COMPUTER NETWORKS);

EID: 70449418120     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2009.090105     Document Type: Article

References (52)

1. R. J. Perlman, "Network layer protocols with byzantine robustness," Ph.D. Dissertation, Massachusetts Institute of Technology, 1988.
2. B. Kumar, "Integration of security in network routing protocols," ACM SIGSAC Review, vol.11, no.2, pp. 18-25, 1993.
3. B. R. Smith and J. J. Garcia-Luna-Aceves, "Securing the border gateway routing protocol," in Proc. Global Internet '96, 1996, pp. 81-85.
4. S. Cheung, "An efficient message authentication scheme for link state routing," in Proc. 13th Annual Computer Security Applicatons Conference, 1997, pp. 90-98.
5. K. A. Bradley, S. Cheung, N. Puketza, B. Mukherjee, and R. A. Olsson, "Detecting disruptive routers: a distributed network monitoring approach," in Proc. IEEE Symposium on Security and Privacy, vol.12, 1998, pp. 50-60 (IEEE Network, 1998).
6. A. Heffernan, "Protection of BGP sessions via the TCP MD5 signature option," IETF, RFC 2385, 1998.
7. S. Kent, C. Lynn, K. Seo, B. B. N. Technol, and M. A. Cambridge, "Secure border gateway protocol (S-BGP)," in Proc. ISOC Network and Distributed Systems Security Symposium, vol.18, 2000, pp. 582-592 (IEEE J. Select. Areas Commun., 2000).
8. X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang, "Validation of the multiple origin ASes conflicts through BGP community attribute," IETF Draft, 2001.
9. J. Ng, "Extensions to BGP to Support Secure Origin BGP (soBGP)," IETF ID draft-ng-sobgp-bgp-extensions-00, Oct., 2002.
10. L. Wang, X. Zhao, D. Pei, R. Bush, D. Massey, and L. Zhang, "Protecting BGP routes to top-level DNS servers," in Proc. 23rd International Conference on Distrubuted Computing Systems, vol.14, 2003, pp. 851-860.
11. C. Kruegel, D. Mutz, W. Robertson, and F. Valeur, "Topology-based detection of anomalous BGP messages," in Proc. Symposium on Recent Advances in Intrusion Detection, 2003.
12. G. Goodell, W Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin, "Working around BGP: An incremental approach to improving security and accuracy of interdomain routing," in Proc. NDSS, 2003.
13. W Aiello, J. Ioannidis, and P. McDaniel, "Origin authentication in interdomain routing," Proc. 10th ACM conference on Computer and Communications Security, pp. 165-178, 2003.
14. L. Subramanian, V Roth, I. Stoica, S. Shenker, and R. Katz, "Listen and whisper: Security mechanisms for BGP," in Proc. NSDI, 2004.
15. Y. C. Hu, A. Perrig, and M. Sirbu, "SPV: secure path vector routing for securing BGP," in Proc. ACM SIGCOMM, 2004, pp. 179-192.
16. T. Wan, E. Kranakis, and P. C. van Oorschot, "Pretty secure BGP (psBGP)," School of Computer Science, Carleton University, Tech. Rep., 2005.
17. J. Karlin, S. Forrest, and J. Rexford, "Pretty good BGP: Improving BGP by cautiously adopting routes," in Proc. International Conference on Network Protocols, 2006.
18. D. Blazakis and J. S. Baras, "Analyzing BGP ASPATH behavior in the Internet," in Proc. 9th IEEE Global Internet Symposium, 2006.
19. J. Qiu and L. Gao, "Hi-BGP: A lightweight hijack-proof inter-domain routing protocol," Department of ECE, University of Massachusetts, Tech. Rep., 2006.
20. P. Reynolds, O. Kennedy, E. G. Sirer, and F. B. Schneider, "Securing BGP using external security monitors," Cornell University, Tech. Rep., 2006.
21. S. Y Qiu, F. Monrose, A. Terzis, and P. D. McDaniel, "Efficient techniques for detecting false origin advertisements in inter-domain routing," in Proc. NPSEC, 2006.
22. K. Butler and W Aiello, "Optimizing BGP security by exploiting path stability," Proc. 13th ACM conference on Computer and communications security, pp. 298-310, 2006.
23. E. Barr, D. DeFigueiredo, M. Nicholes, S. M. Shih Ming Tseng, C. Chuah, B. Mukherjee, and S. F. Wu, "Descartes BGP: A conflict detection and response framework for inter-domain routing," Department of Computer Science, University of California, Davis, Tech. Rep., 2006.
24. D. Wendlandt, Avramopoulos, D. Andersen, and J. Rexford, "Don't secure routing protocols, secure data delivery," ACM SIGCOMM HotNets Workshop, vol.2006. [Online], Available: http://www.cs.princeton.edu/ jrex/papers/acr.pdf
25. I. Avramopoulos and J. Rexford, "Stealth probing: efficient data-plane security for IP routing," Proc. USENIX Annual Technical Conference, 2006.
26. M. Lad, D. Massey, D. Pei, Y Wu, B. Zhang, and L. Zhang, "PHAS: A Prefix Hijack Alert System," Proc. of USENIX Security symposium, 2006.
27. Y. C. Hu, D. McGrew, A. Perrig, B. Weis, and D. Wendlandt, "(Revolutionary bootstrapping of a global PKI for securing BGP," in Proc. 5th ACM Workshop on Hot Topics in Networks (Hotnets-V), 2006.
28. X. Hu and Z. Mao, "Accurate Real-time Identification of IP Prefix Hijacking," IEEE Symposium on Security and Privacy, pp. 3-17, 2007.
29. G. Huston, http://www.potaroo.net/tools/asn32/, 2007.
30. Y. Rekhter and T. Li, "Border Gateway Protocol 4," RFC 1771, SRI Network Information Center, 1995.
31. K. Butler, T. Farley, P. McDaniel, and J. Rexford, "A survey of BGP security," AT&T Labs, Tech. Rep. TD-5UGJ33, 2004.
32. S. Murphy, "BGP Security Vulnerabilities Analysis," IETF, RFC 4272, 2006. [Online], Available: http://www.ietf.org/rfc/rfc4272.txt
33. O. Nordström and C. Dovrolis, "Beware of BGP attacks," ACM SIGCOMM Computer Communication Review, vol.34, no.2, pp. 1-8, 2004.
34. R. Kuhn, K. Sriram, and D. Montgomery, "Border Gateway Protocol Security: Recommendations of the National Institute of Standards and Technology," NIST Special Publication, pp. 800-854, 2007.
35. S. Bellovin and E. Gansner, "Using Link Cuts to Attack Internet Routing," AT&T Research, Tech. Rep., 2004.
36. A. Misel, "Wow, AS70071" NANOG mail archives, 1997.
37. T. Wan, P. van Oorschot, and E. Kranakis, "A selective introduction to border gateway protocol (BGP) security issues," Proc. NATO Advanced Studies Institute on Network Security and Intrusion Detection, 2007.
38. W Tao and K. PC, "Pretty Secure BGP (psBGP)," Proc. of NDSS, 2005.
39. R. Rivest, "RFC-1321 The MD5 Message-Digest Algorithm," RFC 1321, Network Working Group, 1992.
40. D. Kaminsky, "MD5 To Be Considered Harmful Someday," http://www.doxpara.com/md5-someday.pdf, 2004.
41. S. Kent, C. Lynn, J. Mikkelson, and K. Seo, "Secure border gateway protocol (S-BGP)-real world performance and deployment issues," in Proc, Network and Distributed System Security Symposium, 2000, pp. 103-116.
42. D. Meyer, "University of Oregon Route Views Project," http://www.routeviews.org/, 2003.
43. J. Qiu, L. Gao, S. Ranjan, and A. Nucci, "Detecting bogus BGP route information: Going beyond prefix hijacking," in Proc. IEEE SecureComm, 2007.
44. Apster, "APNIC resource certification project," http://www.apnic.net/docs/apster/issues/apster23-200709.pdf, 2007.
45. H. Yu, J. Rexford, and E. Feiten, "A distributed reputation approach to cooperative Internet routing protection," IEEE ICNP Workshop on Secure Network Protocols (NPSec), pp. 73-78, 2005.
46. M. Casado, T. Garfinkel, A. Akella, M. Freedman, D. Boneh, N. McKeown, and S. Shenker, "SANE: A Protection Architecture for Enterprise Networks," Proc. ACMIUSENIX NSDI, 2006.
47. V. Gill, J. Heasley, and D. Meyer, "The generalized TTL security mechanism (GTSM)," IETF, RFC 3682, 2004.
48. C. Villamizar, R. Chandra, and R. Govindan, "BGP Route Flap Damping," IETF, RFC 2439, 1998.
49. C. Zheng, L. Ji, D. Pei, J. Wang, and P. Francis, "A light-weight distributed scheme for detectingIP prefix hijacks in realtime," in Proc. ACM SIGCOMM, 2007.
50. H. Chan, D. Dash, A. Perrig, and H. Zhang, "Modeling adoptability of secure BGP protocol," in Proc. International Conference on Measurement and Modeling of Computer Systems, 2006.
51. C. Matsumoto, "Redback beefs up its router," http://www.lightreading.com/, 2007.
52. M. Zhao, S. W. Smith, and D. M. Nicol, "The performance impact of BGP security," IEEE Network, vol.19, no.6, pp. 42-48, 2005.