A survey of BGP security issues and solutions

Proceedings of the IEEE

Volumn 98, Issue 1, 2010, Pages 100-122

  Butler, Kevin ^a   Farley, Toni R ^b   McDaniel, Patrick ^a   Rexford, Jennifer ^c  

^a The Pennsylvania State University   (United States)

^b ARIZONA STATE UNIVERSITY   (United States)

^c Princeton University   (United States)

Author keywords

Authentication; Authorization; BGP; Border gateway protocol; Integrity; Interdomain routing; Network security; Networks; Routing

Indexed keywords

AUTHENTICATION; BORDER GATEWAY PROTOCOL; GATEWAYS (COMPUTER NETWORKS); NETWORK PROTOCOLS; NETWORKS (CIRCUITS); ROUTING PROTOCOLS; SURVEYS;

AUTHORIZATION; CURRENT VULNERABILITIES; DEPLOYMENT COSTS; INTEGRITY; INTER-DOMAIN ROUTING SYSTEMS; INTERDOMAIN ROUTING; ROUTING; SECURITY ANALYSIS;

NETWORK SECURITY;

EID: 72949118871     PISSN: 00189219     EISSN: None     Source Type: Journal    
DOI: 10.1109/JPROC.2009.2034031     Document Type: Article

References (130)

1. J. Hawkinson and T. Bates, Guidelines for Creation, Selection, and Registration of an Autonomous System (AS), RFC 1930, 1996.
2. Y. Rekhter, T. Li, and S. Hares, A Border Gateway Protocol 4 (BGP-4), RFC 4271, Jan. 2006.
3. J. Stewart, "GP4: Inter-Domain Routing in the Internet. Reading, MA: Addison-Wesley, 1999.
4. R. Barrett, S. Haar, and R. Whitestone, "Routing snafu causes Internet outage," Interactive Week, Apr. 25, 1997.
5. P. Boothe, J. Hiebert, and R. Bush, "How prevalent is prefix hijacking on the Internet?'' in Proc. NANOG 36, Feb. 2006 [Online]. Available: http://www.nanog.org/ mtg-0602/boothe.html-net.shtml
6. Rensys Blog, Con-Ed Steals the 'Net. [Online]. Available: http://www.renesys.com/blog/2006/01/coned-steals-the
7. Rensys Blog, Pakistan Hijacks YouTube. [Online]. Available: http://www.renesys.com/blog/2008/02/pakistan-hijacks-youtube-1.shtml%
8. A. Ramachandran and N. Feamster, "Understanding the network-level behavior of spammers," in Proc. ACM SIGCOMM, Aug. 2006.
9. H. Ballani, P. Francis, and X. Zhang, BA study of prefix hijacking and interception in the Internet," in Proc. ACM SIGCOMM, Aug. 2007.
10. Department of Homeland Security, The National Strategy to Secure Cyberspace, Feb. 2003.
11. Secure Inter-Domain Routing. [Online]. Available: http://www.ietf.org/ html.charters/sidr-charter.html.
12. North American Network Operators Group. [Online]. Available: www.nanog.org.
13. N. Spring, R. Mahajan, and D. Wetherall, "Measuring ISP topologies with Rocketfuel," IEEE/ACM Trans. Networking, vol. 12, no. 1, pp. 2-16, Feb. 2004.
14. W. Eddy, TCP SYN Flooding Attacks and Common Mitigations, RFC 4987, Aug. 2007.
15. S. Bellovin and E. Gansner. (2003, May). Using Link Cuts to Attack Internet Routing. [Online]. Available: http://www.cs. columbia.edu/smb/papers/ reroute.pdf
16. T. Griffin and G. Huston, "GP Wedgies, RFC 4264, Nov. 2005.
17. M. Caesar and J. Rexford, "BGP routing policies in ISP networks," IEEE Network, vol.19, no.6, pp. 5-11, Nov.-Dec. 2005.
18. R. Perlman, Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, 2nd ed. Reading, MA: Addison Wesley, 1999.
19. O. Bonaventure, "Interdomain routing with BGP: Issues and challenges," in Proceedings of the IEEE Symposium on Communications and Vehicular Technology (SCVT), Louvain-la-Neuve, "elgium, Oct. 2002.
20. L. Gao and J. Rexford, "Stable Internet routing without global coordination," IEEE/ACM Trans. Networking, Dec. 2001.
21. R. Perlman, "Network layer protocols with Byzantine robustness," Ph.D. dissertation, Massachusetts Inst. Technol., Cambridge, Oct. 1988. MIT/LCS/TR-429.
22. R. Rivest, The MD5 Message-Digest Algorithm, RFC 1321, Apr. 1992.
23. U.S. National Bureau of Standards, Secure Hash Standard, FIPS PUB 180-182, Aug. 2002.
24. H. Krawczyk, M. Bellare, and R. Canetti, HMAC: Keyed-Hashing for Message Authentication, RFC 2104, Apr. 1997.
25. W. Diffie and M. Hellman, "New directions in cryptography," IEEE Trans. Inf. Theory, vol.IT-22, no.6, pp. 644-654, Nov. 1976.
26. I. F. Blake and T. Garefalakis, "On the complexity of the discrete logarithm and Diffie-Hellman problems," J. Complexity, vol.20, no.2-3, pp. 148-170, Apr.-Jun. 2004.
27. K. Seo, C. Lynn, and S. Kent, "Public-key infrastructure for the secure border gateway protocol (S-BGP)," in IEEE DARPA Information Survivability Conference and Exposition II, Anaheim, CA, Jun. 2001.
28. A. Heffernan, Protection of BGP Sessions via the TCP MD5 Signature Option, RFC 2385, Aug. 1998.
29. S. M. Bellovin, "Security problems in the TCP/IP protocol suite," Comput. Commun. Rev., vol.2, no.19, pp. 32-48, Apr. 1989.
30. B. Green, "BGP security update: Is the sky falling?'' in Proc. NANOG 25, Jun. 2002.
31. J. Touch, A. Mankin, and R. Bonica, The TCP Authentication Option, Internet Draft, Jul. 2009.
32. B. Smith and J. Garcia-Luna-Aceves, "Securing the border gateway routing protocol," in Global Internet '96, London, U.K., Nov. 1996.
33. B. Smith and J. Garcia-Luna-Aceves "Efficient security mechanisms for the border gateway routing protocol," Comput. Commun., vol. 21, no. 3, pp. 203-210, 1998.
34. M. G. Gouda, E. N. Elnozahy, C.-T. Huang, and T. M. McGuire, "Hop integrity in computer networks," in Proc. 8th Int. Conf. Network Protocols, Osaka, Japan, Nov. 2000.
35. V. Gill, J. Heasley, and D. Meyer, The Generalized TTL Security Mechanism (GTSM), RFC 3682, Feb. 2004.
36. S. Kent and K. Seo, Security Architecture for the Internet Protocol, RFC 4301, Dec. 2005.
37. R. Thayer, N. Doraswamy, and R. Glenn, IP Security Document Roadmap, RFC 2411, Nov. 1998.
38. C. Kaufman, Internet Key Exchange (IKEv2) Protocol, RFC 4306, Dec. 2005.
39. S. Kent, IP Authentication Header, RFC 4302, Dec. 2005.
40. S. Kent, IP Encapsulating Security Payload (ESP), RFC 4303, Dec. 2005.
41. B. Gleeson, A. Lin, J. Heinanen, G. Armitage, and A. Malis, A Framework for IP Based Virtual Private Networks, RFC 2764, Feb. 2000
42. T. Bates, P. Smith, and G. Huston, "CIDR Report for 30 January 08,'' Mar. 2008. [Online]. Available: http://www. cidr-report.org/
43. J. Stewart, T. Bates, R. Chandra, and E. Chen, Using a Dedicated AS for Sites Homed to a Single Provider, RFC 2270, Jan. 1998.
44. S. Bellovin, R. Bush, T. Griffin, and J. Rexford. (2001, Jun.). Slowing Routing Table Growth by Filtering Based on Address Allocation Policies. [Online]. Available: http://www.cs.princeton.edu/~jrex/papers/ filter.pdf
45. D. Chang, R. Govindan, and J. Heidemann, "An empirical study of router response to large BGP routing table load," in Proc. ACM SIGCOMM Internet Measurement Workshop (IMW), Nov. 2002.
46. O. Nordstr̈om and C. Dovrolis, "Beware of BGP attacks," Comput. Commun. Rev., vol.34, no.2, pp. 1-8, Apr. 2004.
47. N. Feamster, Z. M. Mao, and J. Rexford, "BorderGuard: Detecting cold potatoes from peers," in Proc. 2004 Internet Measurement Conf., Taormina, Italy, Oct. 2004.
48. T. Bates, E. Gerich, L. Joncheray, J.-M. Jouanigot, D. Karrenberg, M. Terpstra, and J. Yu, Representation of IP Routing Policies in a Routing Registry, RFC 1786, Mar. 1995.
49. L. Blunk, J. Damas, F. Parent, and A. Robachevsky, Routing Policy Specification Language Next Generation (RPSLng), RFC 4012, Mar. 2005.
50. L. Gao, "On inferring autonomous system relationships in the Internet," IEEE/ACM Trans. Networking, vol.9, no.6, pp. 733-745, Dec. 2001.
51. L. Subramanian, S. Agarwal, J. Rexford, and R. Katz, "Characterizing the Internet hierarchy from multiple vantage points," in IEEE INFOCOM 2002, New York, Jun. 2002.
52. X. Dimitropoulos, D. Krioukov, M. Fomenkov, B. Huffaker, Y. Hyun, K. C. Claffy, and G. Riley, "AS relationships: Inference and validation," ACM SIGCOMM Comput. Commun. Rev., vol.37, no.1, pp. 29-40, Jan. 2007.
53. T. Griffin, Personal Communication, Jun. 2003.
54. M. Lepinksi, S. Kent, and D. Kong, A Profile for Route Origin Authorizations (ROAs), Internet Draft, Jul. 2009.
55. APNIC. (2006, Nov.). The APNIC Resource Certification Page. [Online]. Available: http://mirin.apnic.net/resourcecerts/
56. D. Harrington, R. Presuhn, and B. Wijnen, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks, RFC 3411, Dec. 2002.
57. M. Kaeo, Current Operational Security Pratices in Internet Service Provider Environments, RFC 4778, Jan. 2007.
58. J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms," ACM SIGCOMM Computer Communication Review, vol.34, no.2, Apr. 2004.
59. V. Gill, "Lack of priority queueing considered harmful," ACM Qeue, vol.2, no.8, pp. 64-69, Nov. 2004.
60. M. O. Nicholes and B. Mukherjee, "A survey of security techniques for the border gateway protocol (BGP)," IEEE Comm. Surveys & Tutorials, vol.11, no.1, Q1 2009.
61. S. Kent, C. Lynn, and K. Seo, "Secure Border Gateway Protocol (S-BGP)," IEEE J. Sel. Areas Commun., vol.18, no.4, Apr. 2000.
62. M. Zhao, S. W. Smith, and D. M. Nicol, "The performance impact of BGP security," IEEE Network, vol.19, no.6, pp. 42-48, Nov./Dec. 2005.
63. S. Kent, C. Lynn, J. Mikkelson, and K. Seo, "Secure Border Gateway Protocol (S-BGP) real world performance and deployment issues," in Proc. ISOC Symp. Network and Distributed System Security (NDSS), San Diego, CA, Feb. 2000.
64. D. M. Nicol, S. W. Smith, and M. Zhao, "Evaluation of efficient security for BGP route announcements using parallel simulation," Simul. Model. Prac. Theor., vol.12, no.3-4, pp. 187-216, Jul. 2004.
65. S. Bellovin, "SBGPVSecure BGP," in NANOG 28, Jun. 2003.
66. J. Ng, Extensions to BGP to Support Secure Origin BGP (soBGP), Internet Draft, Apr. 2004.
67. S. Kent, "Securing the Border Gateway Protocol: A status update," in Proc. 7th IFIP TC-6 TC-11 Conf. Communications and Multimedia Security, Torino, Italy, Oct. 2003.
68. G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin, "Working around BGP: An incremental approach to improving security and accuracy of interdomain routing," in Proc. ISOC NDSS'03, San Diego, CA, Feb. 2003, pp. 75-85.
69. T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.1, RFC 4346, Apr. 2006.
70. B. Baker and R. Shostak, "Gossips and telephones," Discrete Math., no.2, pp. 191-193, 1972.
71. P. McDaniel, W. Aiello, K. Butler, and J. Ioannidis, "Origin authentication in interdomain routing," Comput. Networks, vol.50, no.16, pp. 2953-2980, Nov. 2006.
72. R. Merkle, "Protocols for public key cryptosystems," in IEEE Symp. Security and Privacy, Oakland, CA, Apr. 1980.
73. M. Naor and K. Nissim, "Certificate revocation and certificate update," IEEE J. Sel. Areas Commun., vol.18, no.4, pp. 561-570, Apr. 2000.
74. Y. Hu, A. Perrig, and D. Johnson, "Efficient security mechanisms for routing protocols," in Proc. ISOC Network and Distributed Systems Security Symp. (NDSS), San Diego, CA, Feb. 2003.
75. Y.-C. Hu, A. Perrig, and M. Sirbu, "SPV: Secure path vector routing for securing BGP," in Proc. ACM SIGCOMM, Portland, OR, Aug. 2004.
76. S. Even, O. Goldreich, and S. Micali, "On-line/off-line digital signatures," J. Cryptol., vol.9, no.1, pp. 35-67, 1996.
77. C. Wong and S. Lam, "Digital signatures for flows and multicasts," IEEE/ACM Trans. Networking, vol.7, no.4, pp. 502-513, Aug. 1999.
78. B. Raghavan, S. Pranjwani, and A. Mityagin, "Analysis fo the SPV secure routing protocol: Weaknesses and lessons," ACM SIGCOMM Comput. Commn. Rev., Apr. 2007.
79. A. Fujioka, T. Okamoto, and S. Miyaguchi, "ESIGN: An efficient digital signature implementation for smart cards," in Proc. EUROCYPT, Brighton, U.K., Apr. 1991.
80. M. Zhao, S. W. Smith, and D. M. Nicol, "Aggregated path authentication for efficient BGP security," in Proc. 12th ACM Conf. Computer and Communications Security (CCS'05), Alexandia, VA, Nov. 2005.
81. M. Zhao, S. W. Smith, and D. M. Nicol, "Evaluating the performance impact of PKI on BGP security," in Proc. 4th Annu. PKI R&D Workshop, Gaithersburg, MD, Feb. 2005.
82. K. Butler, P. McDaniel, and W. Aiello, "Optimizing BGP security by exploiting path stability," in Proc. 13th ACM Conf. Computer and Communications Security (CCS'06), Alexandia, VA, Nov. 2006.
83. University of Oregon Route Views Project. [Online]. Available: http://www. routeviews.org/
84. B. Kumar and J. Crowcroft, "Integrating security in inter-domain routing protocols," ACM SIGCOMM Comput. Commun. Rev., vol.23, no.5, pp. 36-51, Oct. 1993.
85. ISO, Intermediate System to Intermediate System Inter-Domain Routing Information Exchange Protocol, DIS 10747, Jul. 1992.
86. P. C. van Oorschot, T. Wang, and E. Kranakis, "On inter-domain routing security and pretty secure BGP (psBGP)," ACM Trans. Inf. Syst. Security (TISSEC), vol.10, no.3, Jul. 2007.
87. X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang, "An analysis of BGP multiple origin AS (MOAS) conflicts," in Proc. ACM SIGCOMM Internet Measurement Workshop, 2001, San Francisco, CA, Nov. 2001.
88. R. Chandra, P. Traina, and T. Li, "GP Community Attribute, RFC 1997, Aug. 1996.
89. X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. Wu, and L. Zhang, "Detection of invalid routing announcement in the Internet," in IEEE DSN 2002, Washington, DC, Jun. 2002.
90. L. Wang, X. Zhao,D. Pei, R. Bush, D. Massey, A. Mankin, S. Wu, and L. Zhang, "Protecting BGP routes to top level DNS servers," IEEE Trans. Parallel Distrib. Syst., vol.14, no.9, pp. 851-860, Sep. 2003.
91. C. Kruegel, D. Mutz, W. Robertson, and F. Valeur, "Topology-based detection of anomalous BGP messages," in Proc. 6th Symp. Recent Advances in Intrusion Detection (RAID), Sep. 2003, pp. 17-35.
92. M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang, "PHAS: A prefix hijack alert system," in Proc. 15th USENIX Security Symp., Vancouver, BC, Canada, Aug. 2006.
93. G. Huston and G. Michaelson, Validation of Route Origination in BGP Using the Resource Certificate PKI and ROAs, Internet Draft, Aug. 2009.
94. J. Karlin, S. Forrest, and J. Rexford, "Autonomous security for autonomous systems," Comput. Networks, Oct. 2008.
95. R. Mahajan, D. Wetherall, and T. Anderson, "Understanding BGP misconfiguration," in Proc. ACM SIGCOMM 2002, Pittsburgh, PA, Aug. 2002.
96. X. Hu and Z. M. Mao, "Accurate real-time identification of IP prefix hijacking," in Proc. IEEE Symp. Security and Privacy, Oakland, CA, May 2007.
97. Y. Zhang, Z. Zhang, Z. M. Mao, Y. C. Hu, and B. M. Maggs, "On the impact of route monitor selection," in Proc. ACM Internet Measurement Conf. (IMC), San Diego, CA, Oct. 2007.
98. L. Subramanian, V. Roth, I. Stoica, S. Shenker, and R. Katz, "Listen and Whisper: Security mechanisms for BGP," in Proc. Symp. Networked Systems Design and Implementation (NSDI), San Francisco, CA, Mar. 2004.
99. R. Rivest, A. Shamir, and L. M. Adelman, "A method for obtaining digital signatures and public-key cryptosystems," Commun. ACM, vol.21, no.2, pp. 120-126, Feb. 1978.
100. G. Huston, Commentary on Inter-Domain Routing in the Internet, RFC 3221, Dec. 2001.
101. C. Meyer and A. Partan, "BGP security, availability, and operator needs," in Proc. NANOG 28, Jun. 2003.
102. K. Zhang, "Efficient protocols for signing routing messages," in Proc. ISOC NDSS'98, San Diego, CA, Mar. 1998.
103. M. Goodrich, Efficient and Secure Network Routing Algorithms, provisional patent filing, Jan. 2001.
104. D. Boneh, C. Gentry, H. Shacham, and B. Lynn, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proc. Eurocrypt 2003, 2003, vol.LNCS 2656, pp. 416-432.
105. D. Boneh, B. Lynn, and H. Shacham, "Short signatures from the Weil pairing," J. Cryptol., vol.17, no.4, pp. 297-319, Sep. 2004.
106. M. Bellare and S. Miner, "A forward-secure digital signature scheme," in Advances in CryptologyVCRYPTO '99 Proc., 1999, vol.LNCS 1666, pp. 431-438.
107. E. Cronin, S. Jamin, T. Malkin, and P. McDaniel, "On the performance, feasibility, and use of forward-secure signatures," in Proc. ACM CCS'03, Washington, DC, Oct. 2003.
108. H. Chan, D. Dash, A. Perrig, and H. Zhang, "Modeling adoptability of secure BGP protocols," in Proc. ACM SIGCOMM 2006, Pisa, Italy, Sep. 2006.
109. L. Breslau, D. Estrin, K. Fall, S. Floyd, J. Heidemann, A. Helmy, P. Huang, S. McCanne, K. Varadhan, Y. Xu, and H. Yu, "Advances in network simulation," IEEE Computer, vol.33, no.5, pp. 59-67, May 2000.
110. J. Cowie, H. Liu, J. Liu, D. Nicol, and A. Ogielski, "Towards realistic million-node Internet simulations," in Proc. 1999 Int. Conf. Parallel and Distributed Processing Techniques and Applications (PTPTA'99), Las Vegas, NV, Jun. 2000.
111. T. Benzel, R. Braden, D. Kim, C. Neuman, A. Joseph, K. Sklower, R. Ostrenga, and S. Schwab, "Experience with DETER: A testbed for security research," in Proc. 2nd IEEE Conf. Testbeds and Research Infrastructures for the Development of Networks and Communities (TridentCom 20006), Barcelona, Spain, Mar. 2006.
112. X. He and C. Papadopoulos, "A framework for incremental deployment strategies for router-assisted services," in IEEE INFOCOM 2003, San Francisco, CA, Apr. 2003.
113. J. Yu, Scalable Routing Design Principles, RFC 2791, Jul. 2000.
114. V. Stachtos, M. Kounavis, and A. Campbell, "SPHERE: A binding model and middleware for routing protocols," in Proc. 4th Conf. Open Architecture and Network Programming (OPENARCH 2001), Anchorage, AK, Apr. 2001.
115. D. Pei, D. Massey, and L. Zhang, BA framework for resilient Internet routing protocols," IEEE Network, vol. 18, no. 2, pp. 5-12, Mar.-Apr. 2003.
116. S. Gorman, R. Kulkarni, L. Schintler, and R. Stough. (2003). Least Effort Strategies for Cybersecurity. [Online]. Available: http:// arxiv.org/ftp/cond- mat/papers/0306/ 0306002.pdf
117. A. Chakrabarti and G. Manimaran, BAn efficient algorithm for malicious update detection & recovery in distance vector protocols," in IEEE Int. Conf. Communications, Anchorage, AK, May 2003.
118. I. Avramopoulos, H. Kobayashi, R. Wang, and A. Krishnamurthy, "Highly secure and efficient routing," in IEEE INFOCOM 2004, Hong Kong, Mar. 2004. PRC.
119. C. Labovitz, A. Ahuja, R. Wattenhofer, and S. Venkatachary, "Resilience characteristics of the Internet backbone routing infrastructure," in Proc. 3rd Information Survivability Workshop, Boston, MA, 2000.
120. N. Feamster, D. Andersen, H. Balakrishnan, and M. Kaashoek, "Measuring the effects of Internet path faults on reactive routing," in Proc. ACM SIGMETRICS 2003, San Diego, CA, Jun. 2003.
121. V. Padmanabhan and D. Simon, "Secure traceroute to detect faulty or malicious routing," ACM SIGCOMM Comput. Commun. Rev., vol.33, no.1, pp. 77-82, Jan. 2003.
122. Z. Mao, J. Rexford, J. Wang, and R. Katz, "Towards an accurate AS-level traceroute tool," in Proc. ACM SIGCOMM 2003, Karlsruhe, Germany, Aug. 2003.
123. S. Goldberg, S. Halevi, A. D. Jaggard, V. Ramachandran, and R. N. Wright, "Rationality and traffic attraction: Incentives for honest path announcements in BGP," in Proc. ACM SIGCOMM, Aug. 2008.
124. E. L. Wong, P. Balasubramanian, L. Alvisi, M. G. Gouda, and V. Shmatikov, "Truth in advertising: Lightweight verification of route integrity," in Proc. 26th Annu. ACM SIGACT-SIGOPS Symp. Principles of Distributed Computing (PODC 2007), Aug. 2007.
125. I. Avramopoulos, M. Suchara, and J. Rexford, "How small groups can secure interdomain routing," Princeton Univ. Comput. Sci. Dept., Tech. Rep. TR-808-907, Dec. 2007.
126. D. Wendlandt, I. Avramopoulos, D. Andersen, and J. Rexford, "Don't secure routing protocols, secure data delivery," in Proc. ACM SIGCOMM Workshop on Hot Topics in Networking, Nov. 2006.
127. R. White, Deployment Considerations for Secure Origin BGP (soBGP), Internet Draft, Jun. 2006
128. T. Bates, R. Chandra, D. Katz, and Y. Rekhter, Multiprotocol Extensions for BGP-4, RFC 4760, Jan. 2007.
129. C. Ellison and B. Schneier, "Ten risks of PKI: What you're not being told about public key infrastructure," Comput. Security J., vol.16, no.1, 2000.
130. M. Lepinski and S. Kent, An Infrastructure to Support Secure Internet Routing, Internet Draft draft-ietf-sidr-arch-08.txt, Jul. 2009.