Securing BGP-A literature survey

IEEE Communications Surveys and Tutorials

Volumn 13, Issue 2, 2011, Pages 199-222

  Huston, Geoff ^a   Rossi, Mattia ^a   Armitage, Grenville ^a  

^a SWINBURNE UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

BGP; BGP security; Computer Network Protocols; Inter domain routing security; routing

Indexed keywords

BGP; BGP SECURITY; BORDER GATEWAY PROTOCOL; INTERDOMAIN ROUTING; LITERATURE SURVEY; ROUTING; ROUTING ARCHITECTURE; ROUTING INFRASTRUCTURE; SECURITY FUNCTIONS; SECURITY MEASURE;

COMPUTER ARCHITECTURE; DENSE WAVELENGTH DIVISION MULTIPLEXING; GATEWAYS (COMPUTER NETWORKS); INTERNET; INTERNET PROTOCOLS; NETWORK ARCHITECTURE; ROUTING PROTOCOLS; SURVEYS; TELECOMMUNICATION NETWORKS;

NETWORK SECURITY;

EID: 80052025564     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2011.041010.00041     Document Type: Review

References (164)

1. Y. Rekhter, T. Li, and S. Hares, "A border gateway protocol 4 (BGP-4)," RFC 4271 (Draft Standard), Internet Engineering Task Force, Jan. 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4271.txt
2. Y. Rekhter, "Experience with the BGP protocol," RFC 1266 (Informational), Internet Engineering Task Force, Oct. 1991. [Online]. Available: http://www.ietf.org/rfc/rfc1266.txt
3. Office of the President of the United States, "Priority II: A national cyberspace security threat and vulnerability reduction program," 2004. [Online]. Available: http://www.us-cert.gov/reading-room/cyberspace- strategy.pdf
4. M. A. Brown, "Pakistan hijacks YouTube," Renesys Blog, Feb 2008. [Online]. Available: http://www.renesys.com/blog/2008/02/pakistan-hijacks- youtube-1.shtml
5. S. Goldberg, S. Halevi, A. D. Jaggard, V. Ramachandran, and R. N. Wright, "Rationality and traffic attraction: incentives for honest path announcements in BGP," SIGCOMM Comput. Commun. Rev., vol. 38, no. 4, pp. 267-278, 2008.
6. S. Murphy, "BGP security vulnerabilities analysis," RFC 4272 (Informational), Internet Engineering Task Force, Jan. 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4272.txt
7. A. Barbir, S. Murphy, and Y. Yang, "Generic threats to routing protocols," RFC 4593 (Informational), Internet Engineering Task Force, Oct. 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4593.txt
8. H. Ballani, P. Francis, and X. Zhang, "A study of prefix hijacking and interception in the Internet," SIGCOMM Comput. Commun. Rev., vol. 37, no. 4, pp. 265-276, 2007. (Pubitemid 350239790)
9. K. Zetter, "Revealed: The Internet's Biggest Security Hole," Wired Mag.-ThreadLevel, Aug 2008. [Online]. Available: http://www.wired.com/ threatlevel/2008/08/revealed-the-in/
10. V. J. Bono, "7007 Explanation and Apology," Apr. 1997. [Online]. Available: http://www.merit.edu/mail.archives/nanog/1997-04/msg00444. html
11. T. Underwood, "Con-Ed steals the 'net'," Renesys Blog, Jan 2006. [Online]. Available: http://www.renesys.com/blog/2006/01/coned-steals-the- net.shtml
12. N. Feamster, H. Balakrishnan, and J. Rexford, "Some Foundational Problems in Interdomain Routing," in 3rd ACM SIGCOMM Workshop Hot Topics Netw. (HotNets), San Diego, CA, Nov. 2004.
13. D. Meyer, L. Zhang, and K. Fall, Report from the IAB workshop on routing and addressing," RFC 4984 (Informational), Internet Engineering Task Force, Sept. 2007. [Online]. Available: http://www.ietf.org/rfc/rfc4984.txt
14. G. Huston, "The BGP report for 2005," June 2006. [Online]. Available: http://www.potaroo.net/ispcol/2006-06/bgpupds.html
15. M. Nicholes and B. Mukherjee, "A survey of security techniques for the border gateway protocol (BGP)," Commun. Surveys and Tuts, IEEE, vol. 11, no. 1, pp. 52-65, Quarter 2009.
16. C. Huitema, Routing in the Internet. Upper Saddle River, NJ, USA: Prentice-Hall, Inc., 1995.
17. C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, 2nd Edition. Upper Saddle River, NJ, USA: Prentice-Hall, Inc., 2002.
18. J. Postel, "Internet Protocol," RFC 791 (Standard), Internet Engineering Task Force, Sept. 1981, updated by RFC 1349. [Online]. Available: http://www.ietf.org/rfc/rfc791.txt
19. B. Halabi, Internet Routing Architectures. Cisco Press, 1997.
20. B. Donnet and T. Friedman, "Internet topology discovery: A survey," Commun. Surveys Tuts, IEEE, vol. 9, no. 4, pp. 56-69, Quarter 2007.
21. J. Hawkinson and T. Bates, "Guidelines for creation, selection, and registration of an autonomous system (AS)," RFC 1930 (Best Current Practice), Internet Engineering Task Force, Mar. 1996. [Online]. Available: http://www.ietf.org/rfc/rfc1930.txt
22. C. Hedrick, "Routing information protocol," RFC 1058 (Historic), Internet Engineering Task Force, Jun. 1988, updated by RFCs 1388, 1723. [Online]. Available: http://www.ietf.org/rfc/rfc1058.txt
23. J. Moy, "OSPF Version 2," RFC 2328 (Standard), Internet Engineering Task Force, Apr. 1998. [Online]. Available: http://www.ietf.org/rfc/ rfc2328.txt
24. "Intermediate system to intermediate system intra-domain routeing information exchange protocol for use in conjunction with the protocol for providing the connectionless-mode network service (ISO 8473)," ISO/IEC 10589:2002, 2002. [Online]. Available: http://standards.iso.org/ittf/ PubliclyAvailableStandards/c030932-ISO-IEC-10589-2002(E).zip
25. H. Haddadi, M. Rio, G. Iannaccone, A. Moore, and R. Mortier, "Network topologies: Inference, modeling, and generation," Commun. Surveys Tuts, IEEE, vol. 10, no. 2, pp. 48-69, Quarter 2008.
26. K. Lougheed and Y. Rekhter, "Border Gateway Protocol (BGP)," RFC 1105 (Experimental), Internet Engineering Task Force, Jun. 1989, obsoleted by RFC 1163. [Online]. Available: http://www.ietf.org/rfc/rfc1105.txt
27. "Border gateway protocol (BGP)," RFC 1163 (Historic), Internet Engineering Task Force, June 1990, obsoleted by RFC 1267. [Online]. Available: http://www.ietf.org/rfc/rfc1163.txt
28. "Border gateway protocol 3 (BGP-3)," RFC 1267 (Historic), Internet Engineering Task Force, Oct. 1991. [Online]. Available: http://www.ietf.org/rfc/rfc1267.txt
29. Y. Rekhter and T. Li, "A border gateway protocol 4 (BGP-4)," RFC 1771 (Draft Standard), Internet Engineering Task Force, Mar. 1995, obsoleted by RFC 4271. [Online]. Available: http://www.ietf.org/rfc/rfc1771.txt
30. G. Huston, "BGP routing table resource pages," June 2009. [Online]. Available: http://bgp.potaroo.net
31. J. Postel, "Transmission Control Protocol," RFC 793 (Standard), Internet Engineering Task Force, Sep. 1981, updated by RFCs 1122, 3168. [Online]. Available: http://www.ietf.org/rfc/rfc793.txt
32. E. Chen, "Route Refresh Capability for BGP-4," RFC 2918 (Proposed Standard), Internet Engineering Task Force, Sep. 2000. [Online]. Available: http://www.ietf.org/rfc/rfc2918.txt
33. T. Bates, R. Chandra, and E. Chen, "BGP route reflection-an alternative to full mesh IBGP," RFC 2796 (Proposed Standard), Internet Engineering Task Force, Apr. 2000, obsoleted by RFC 4456. [Online]. Available: http://www.ietf.org/rfc/rfc2796.txt
34. T. Griffin and G. Huston, "BGP Wedgies," RFC 4264 (Informational), Internet Engineering Task Force, Nov. 2005. [Online]. Available: http://www.ietf.org/rfc/rfc4264.txt
35. F Wang and L. Gao, "On inferring and characterizing internet routing policies," in IMC '03: Proc. 3rd ACM SIGCOMM Conf. Internet Measurement. New York, NY, USA: ACM, 2003, pp. 15-26. (Pubitemid 40730635)
36. A. Ramaiah, R. Stewart, and M. Dalal, "Improving TCP's robustness to blind in-window attacks," Nov. 2008. [Online]. Available: http://tools.ietf.org/html/draft-ietf-tcpm-tcpsecure-11
37. C. Villamizar, R. Chandra, and R. Govindan, "BGP route flap damping," RFC 2439 (Proposed Standard), Internet Engineering Task Force, Nov. 1998. [Online]. Available: http://www.ietf.org/rfc/rfc2439. txt
38. P. Smith and C. Panigl, "RIPE routing working group recommendations on route-flap damping," ripe-378, May 2006, obsoletes: ripe-229, ripe-210, ripe-178. [Online]. Available: http://www.ripe.net/docs/ripe-378. html
39. K. Sriram, D. Montgomery, O. Borchert, O. Kim, and D. Kuhn, "Study of BGP peering session attacks and their impacts on routing performance," Sel. Areas Commun., IEEE J., vol. 24, no. 10, pp. 1901-1915, Oct. 2006. (Pubitemid 44559603)
40. O. Nordström and C. Dovrolis, "Beware of BGP attacks," SIGCOMM Comput. Commun. Rev., vol. 34, no. 2, pp. 1-8, 2004.
41. P. Boothe, J. Hiebert, and R. Bush, "How prevalent is prefix hijacking on the internet?" Feb. 2006. [Online]. Available: http://www.nanog.org/meetings/nanog36/presentations/boothe.pdf
42. R. Mahajan, D. Wetherall, and T. Anderson, "Understanding BGP misconfiguration," in SIGCOMM '02: Proc. 2002 Conf. Appl., Technol., Architectures, Protocols Comput. Commun. New York, NY, USA: ACM, 2002, pp. 3-16. (Pubitemid 43843771)
43. A. Ramachandran and N. Feamster, "Understanding the network-level behavior of spammers," SIGCOMM Comput. Commun. Rev., vol. 36, no. 4, pp. 291-302, 2006. (Pubitemid 44623735)
44. K. J. Houle and G. M. Weaver, "Trends in denial of service attack technology," Oct. 2001. [Online]. Available: http://www.cert. org/archive/pdf/DoS-trends.pdf
45. B. Kumar, "Integration of security in network routing protocols," SIGSAC Rev., vol. 11, no. 2, pp. 18-25, 1993.
46. B. Kumar and J. Crowcroft, "Integrating security in inter-domain routing protocols," SIGCOMM Comput. Commun. Rev., vol. 23, no. 5, pp. 36-51, 1993.
47. G. Huston, "Securing Routing-An ISP's Perspective," Feb. 2005. [Online]. Available: http://www.potaroo.net/ispcol/2005-02/route-sec. html
48. V. Gill, J. Heasley, and D. Meyer, "The generalized TTL security mechanism (GTSM)," RFC 3682 (Experimental), Internet Engineering Task Force, Feb. 2004, obsoleted by RFC 5082. [Online]. Available: http://www.ietf.org/rfc/rfc3682.txt
49. V. Gill, J. Heasley, D. Meyer, P. Savola, and C. Pignataro, "The generalized TTL security mechanism (GTSM)," RFC 5082 (Proposed Standard), Internet Engineering Task Force, Oct. 2007. [Online]. Available: http://www.ietf.org/rfc/rfc5082.txt
50. W. Eddy, "TCP SYN flooding attacks and common mitigations," RFC 4987 (Informational), Internet Engineering Task Force, Aug. 2007. [Online]. Available: http://www.ietf.org/rfc/rfc4987.txt
51. S. Kent and R. Atkinson, "Security architecture for the internet protocol," RFC 2401 (Proposed Standard), Internet Engineering Task Force, Nov. 1998, obsoleted by RFC 4301, updated by RFC 3168. [Online]. Available: http://www.ietf.org/rfc/rfc2401.txt
52. R. Rivest, "The MD5 message-digest algorithm," RFC 1321 (Informational), Internet Engineering Task Force, Apr. 1992. [Online]. Available: http://www.ietf.org/rfc/rfc1321.txt
53. A. Heffernan, "Protection of BGP sessions via the TCP MD5 signature option," RFC 2385 (Proposed Standard), Internet Engineering Task Force, Aug. 1998. [Online]. Available: http://www.ietf.org/rfc/rfc2385. txt
54. M. Behringer, "BGP session security requirements," Internet-Draft (Informational), Aug. 2007. [Online]. Available: http://tools.ietf.org/html/draft-behringer-bgp-session-sec-req-02
55. B. Christian and T. Tauber, "BGP security requirements," Internet-Draft (Informational), Nov. 2008. [Online]. Available: http://tools.ietf. org/html/draft-ietf-rpsec-bgpsecrec-10
56. B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, P. Sutherland, Ed. New York, NY, USA: John Wiley & Sons, Inc., 1995.
57. S. Murphy, "BGP security analysis," Nov. 2001. [Online]. Available: http://tools.ietf.org/html/draft-murphy-bgp-secr-04
58. R. Housley, W. Polk, W. Ford, and D. Solo, "Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile," RFC 3280 (Proposed Standard), Internet Engineering Task Force, Apr. 2002, obsoleted by RFC 5280, updated by RFCs 4325, 4630. [Online]. Available: http://www.ietf.org/rfc/rfc3280.txt
59. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk, "Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile," RFC 5280 (Proposed Standard), Internet Engineering Task Force, May 2008. [Online]. Available: http://www.ietf.org/rfc/ rfc5280.txt
60. C. Lynn, S. Kent, and K. Seo, "X.509 extensions for IP Addresses and AS identifiers," RFC 3779 (Proposed Standard), Internet Engineering Task Force, June 2004. [Online]. Available: http://www.ietf.org/rfc/rfc3779.txt
61. X. He, C. Papadopoulos, and P. Radoslavov, "A framework for incremental deployment strategies for router-assisted services," in INFOCOM 2003. Twenty-Second Annual Joint Conf. IEEE Comput. Commun. Societies. IEEE, vol. 2, Mar.-3 Apr. 2003, pp. 1488-1498 vol.2.
62. M. Suchara, I. Avramopoulos, and J. Rexford, "Securing BGP incrementally," in CoNEXT '07: Proc. 2007 ACM CoNEXT Conf. New York, NY, USA: ACM, 2007, pp. 1-2.
63. J. Rexford and J. Feigenbaum, "Incrementally-deployable security for interdomain routing," in Conf. Homeland Security, 2009. CATCH '09. Cybersecurity Appl. Technol., Mar. 2009, pp. 130-134.
64. S. Gorman, R. Kulkarni, L. Schintler, and R. Stough, "Least effort strategies for cybersecurity," 2003. [Online]. Available: http://arxiv.org/pdf/cond-mat/0306002
65. H. Chan, D. Dash, A. Perrig, and H. Zhang, "Modeling adoptability of secure BGP protocols," in SIGMETRICS '06/Performance '06: Proc. Joint International Conf. Measurement Modeling Computer Syst. New York, NY, USA: ACM, 2006, pp. 389-390. (Pubitemid 44619120)
66. S. Kent, C. Lynn, and K. Seo, "Secure border gateway protocol (S-BGP)," Sel. Areas Commun., IEEE J., vol. 18, no. 4, pp. 582-592, Apr. 2000.
67. S. Kent, C. Lynn, J. Mikkelson, and K. Seo, "Secure border gateway protocol (S-BGP)-real world performance and deployment issues," in 7th Annual Netw. Distributed Syst. Security Symp. (NDSS'00), Feb. 2000, pp. 103-116.
68. R. White, "Securing BGP through secure origin BGP," Internet Protocol J., vol. 6, no. 3, Sept. 2003.
69. P. v. Oorschot, T. Wan, and E. Kranakis, "On interdomain routing security and pretty secure BGP (psBGP)," ACM Trans. Inf. Syst. Secur., vol. 10, no. 3, p. 11, 2007.
70. G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin, "Working around BGP: An incremental approach to improving security and accuracy of interdomain routing," in Proc. Internet Society Symp. Netw. Distributed Syst. Security (NDSS 03), Feb. 2003.
71. S. M. Bellovin, "Security problems in the TCP/IP protocol suite," SIGCOMM Comput. Commun. Rev., vol. 19, no. 2, pp. 32-48, 1989.
72. M. Leech, "Key management considerations for the TCP MD5 signature option," RFC 3562 (Informational), Internet Engineering Task Force, July 2003. [Online]. Available: http://www.ietf.org/rfc/rfc3562.txt
73. S. Bellovin, "Key change strategies for TCP-MD5," RFC 4808 (Informational), Internet Engineering Task Force, Mar. 2007. [Online]. Available: http://www.ietf.org/rfc/rfc4808.txt
74. S. Bellovin and R. Housley, "Guidelines for cryptographic key management," RFC 4107 (Best Current Practice), Internet Engineering Task Force, June 2005. [Online]. Available: http://www.ietf.org/rfc/rfc4107.txt
75. S. Bellovin and E. Rescorla, "Deploying a new Hash Algorithm," in NIST Cryptographic Hash Workshop, October 2005. [Online]. Available: http://csrc.nist.gov/groups/ST/hash/documents/Bellovin-new-hash.pdf
76. B. Burr, "NIST Cryptographic Standards Status Report," Internet 2 5th Annual PKI R&D Workshop, April 2006. [Online]. Available: http://middleware.internet2.edu/pki06/proceedings/burr-nist-crypto-standards.ppt
77. X. Wang and H. Yu, "How to break MD5 and other hash functions," in EUROCRYPT, 2005, pp. 19-35. [Online]. Available: http://dx.doi.org/10.1007/ 11426639-2 (Pubitemid 41313944)
78. S. Bellovin and A. Zinin, "Standards maturity variance regarding the TCP MD5 signature option (RFC 2385) and the BGP-4 specification," RFC 4278 (Informational), Internet Engineering Task Force, Jan. 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4278.txt
79. D. Eastlake 3rd and T. Hansen, "US secure hash algorithms (SHA and HMAC-SHA)," RFC 4634 (Informational), Internet Engineering Task Force, July 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4634.txt
80. T. Krovetz, "UMAC: Message authentication code using universal hashing," RFC 4418 (Informational), Internet Engineering Task Force, Mar. 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4418.txt
81. H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-hashing for message authentication," RFC 2104 (Informational), Internet Engineering Task Force, Feb. 1997. [Online]. Available: http://www.ietf.org/rfc/rfc2104.txt
82. C. Madson and R. Glenn, "The use of HMAC-MD5-96 within ESP and AH," RFC 2403 (Proposed Standard), Internet Engineering Task Force, Nov. 1998. [Online]. Available: http://www.ietf.org/rfc/rfc2403.txt
83. R. Bonica, B. Weis, S. Viswanathan, A. Lange, and O. Wheeler, "Authentication for TCP-based routing and management protocols," Feb. 2007. [Online]. Available: http://tools.ietf.org/html/draft-bonica-tcp-auth-06
84. B. Weis, C. Apanna, D. McGrew, and A. Ramaiah, "Automated key selection extension for the TCP Enhanced Authentication Option," Oct. 2007. [Online]. Available: http://tools.ietf.org/html/draft-weis-tcp-auth-auto-ks-03
85. J. Touch, A. Mankin, and R. Bonica, "The TCP authentication option," Mar. 2009. [Online]. Available: http://tools.ietf.org/html/draft- ietf-tcpm-tcp-auth-opt-04
86. R. Thayer, N. Doraswamy, and R. Glenn, "IP security document roadmap," RFC 2411 (Informational), Internet Engineering Task Force, Nov. 1998. [Online]. Available: http://www.ietf.org/rfc/rfc2411.txt
87. D. Ward, "Securing BGPv4 using IPsec," Jan. 2002. [Online]. Available: http://tools.ietf. org/html/draft-ward-bgp-ipsec-00
88. quot;HP-UX IPSec performance and sizing white paper," Dec. 2005. [Online]. Available: http://www.docs.hp.com/en/6092/ipsecperf/ipsecperf.pdf
89. R. Perlman, "Network layer protocols with byzantine robustness," Tech. Rep., 1988. [Online]. Available: http://www.lcs.mit.edu/ publications/specpub. php?id=997
90. B. Smith and J. Garcia-Luna-Aceves, "Securing the border gateway routing protocol," in Global Telecommun. Conf., 1996. GLOBECOM '96. 'Commun.: Key Global Prosperity, Nov 1996, pp. 81-85.
91. "Efficient security mechanisms for the border gateway routing protocol," Computer Commun., vol. 21, no. 3, pp. 203-210, Mar. 1998.
92. "Protocol for exchange of inter-domain routeing information among intermediate systems to support forwarding of ISO 8473 PDUs," ISO/IEC 10747:1994, 1994. [Online]. Available: http://www.iso.org/iso/iso-catalogue/ catalogue-tc/catalogue-detail.htm?csnumber=21417
93. T. Bates, R. Bush, T. Li, and Y. Rhekter, "DNS-based NLRI origin as verification in BGP," July 1998. [Online]. Available: http://tools.ietf. org/html/draft-bates-bgp4-nlri-orig-verif-00
94. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose, "DNS security introduction and requirements," RFC 4033 (Proposed Standard), Internet Engineering Task Force, Mar. 2005. [Online]. Available: http://www.ietf.org/rfc/rfc4033.txt
95. L. Donnerhacke and W. Wijngaards, "DNSSEC protected routing announcements for BGP," May 2008. [Online]. Available: http://tools.ietf. org/html/draft-donnerhacke-sidr-bgp-verification-dnssec-04
96. K. Seo, C. Lynn, and S. Kent, "Public-key infrastructure for the secure border gateway protocol (S-BGP)," in DARPA Inf. Survivability Conf. Exposition II, 2001. DISCEX '01. Proc, vol. 1, 2001, pp. 239-253 vol. 1.
97. M. Zhao and D. Nicol, "Evaluating the performance impact of PKI on BGP security," Internet 2 4th Annual PKI R&D Workshop, Apr. 2005. [Online]. Available: http://middleware.internet2.edu/pki05/proceedings/zhao- sbgp.pdf
98. M. Zhao, S. Smith, and D. Nicol, "The performance impact of BGP security," Netw., IEEE, vol. 19, no. 6, pp. 42-48, Nov.-Dec. 2005. (Pubitemid 46444793)
99. S. T. Kent, "Securing the border gateway protocol: A status update," in Seventh IFIP TC-6 TC-11 Conf. Commun. Multimedia Security, Torino, 2003.
100. P. R. Zimmermann, The official PGP user's guide. Cambridge, MA, USA: MIT Press, 1995.
101. G. Huston, "Exploring autonomous system numbers," Internet Protocol J., vol. 9, no. 1, Mar. 2006.
102. T. Bates, E. Gerich, L. Joncheray, J.-M. Jouanigot, D. Karrenberg, M. Terpstra, and J. Yu, "Representation of IP routing policies in a routing registry (ripe-81++)," RFC 1786 (Informational), Internet Engineering Task Force, Mar. 1995. [Online]. Available: http://www.ietf.org/rfc/rfc1786.txt
103. C. Alaettinoglu, C. Villamizar, E. Gerich, D. Kessens, D. Meyer, T. Bates, D. Karrenberg, and M. Terpstra, "Routing policy specification language (RPSL)," RFC 2622 (Proposed Standard), Internet Engineering Task Force, Jun. 1999, updated by RFC 4012. [Online]. Available: http://www.ietf.org/ rfc/rfc2622.txt
104. L. Blunk, J. Damas, F Parent, and A. Robachevsky, "Routing policy specification language next generation (RPSLng)," RFC 4012 (Proposed Standard), Internet Engineering Task Force, Mar. 2005. [Online]. Available: http://www.ietf.org/rfc/rfc4012.txt
105. Internet routing registry." [Online]. Available: http://www.irr.net
106. R. Kisteleki and J. Boumans, "Securing RPSL objects with RPKI signatures," Oct. 2008. [Online]. Available: http://tools.ietf.org/id/ draft-kisteleki-sidr-rpsl-sig-00.txt
107. Y.-C. Hu, A. Perrig, and D. Johnson, "Efficient security mechanisms for routing protocols," in Proc. Internet Society Symp. Netw. Distributed Syst. Security (NDSS 03), Feb. 2003.
108. P. McDaniel, W. Aiello, K. Butler, and J. Ioannidis, "Origin authentication in interdomain routing," Comput. Netw., vol. 50, no. 16, pp. 2953-2980, 2006. (Pubitemid 44292593)
109. R. C. Merkle, "Protocols for public key cryptosystems," Security Privacy, IEEE Symp., vol. 0, p. 122, 1980.
110. Y.-C. Hu, A. Perrig, and M. Sirbu, "SPV: Secure path vector routing for securing BGP," in SIGCOMM '04: Proc. 2004 Conf. Appl., Technol., Architectures, Protocols Comput. Commun. New York, NY, USA: ACM, 2004, pp. 179-192. (Pubitemid 40954879)
111. C. K. Wong and S. Lam, "Digital signatures for flows and multicasts," Netw., IEEE/ACM Trans., vol. 7, no. 4, pp. 502-513, Aug. 1999.
112. S. Even, O. Goldreich, and S. Micali, "On-line/off-line digital signatures," in CRYPTO '89: Proc. Advances Cryptology. New York, NY, USA: Springer-Verlag New York, Inc., 1989, pp. 263-275.
113. B. Raghavan, S. Panjwani, and A. Mityagin, "Analysis of the SPV secure routing protocol: Weaknesses and lessons," SIGCOMM Comput. Commun. Rev., vol. 37, no. 2, pp. 29-38, 2007.
114. D. M. Nicol, S. W. Smith, and M. Zhao, "Efficient security for BGP route announcements," TR-2003-440, Tech. Rep., 2003.
115. M. Zhao, S. W. Smith, and D. M. Nicol, "Aggregated path authentication for efficient BGP security," in CCS '05: Proc. 12th ACM Conf. Comput. Commun. Security. New York, NY, USA: ACM, 2005, pp. 128-138. (Pubitemid 44021997)
116. D. Boneh, C. Gentry, B. Lynn, and H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Advances in Cryptology-EUROCRYPT 2003, vol. 2656. Springer Berlin/Heidelberg, Jan. 2003, p. 641.
117. A. Boldyreva, C. Gentry, A. O'Neill, and D. H. Yum, "Ordered mul-tisignatures and identity-based sequential aggregate signatures, with applications to secure routing," in CCS '07: Proc. 14th ACM Conf. Comput. Commun. Security. New York, NY, USA: ACM, 2007, pp. 276-285.
118. "New multiparty signature schemes for network routing applications," ACM Trans. Inf. Syst. Secur, vol. 12, no. 1, pp. 1-39, 2008.
119. K. Butler, P. McDaniel, and W. Aiello, "Optimizing BGP security by exploiting path stability," in CCS '06: Proc. 13th ACM Conf. Comput. Commun. Security. New York, NY, USA: ACM, 2006, pp. 298-310. (Pubitemid 47131378)
120. J. Karlin, S. Forrest, and J. Rexford, "Pretty good BGP: Improving BGP by cautiously adopting routes," in ICNP '06: Proc. 2006 IEEE International Conf. Netw. Protocols. Washington, DC, USA: IEEE Comput. Society, 2006, pp. 290-299.
121. "Autonomous security for autonomous systems," Comput. Netw., vol. 52, no. 15, pp. 2908-2923, 2008.
122. J. Qiu, L. Gao, S. Ranjan, and A. Nucci, "Detecting bogus BGP route information: Going beyond prefix hijacking," in Security Privacy Commun. Netw. Workshops, 2007. SecureComm 2007. Third International Conf, Sept. 2007, pp. 381-390.
123. C. Zheng, L. Ji, D. Pei, J. Wang, and P. Francis, "A light-weight distributed scheme for detecting ip prefix hijacks in real-time," SIGCOMM Comput. Commun. Rev., vol. 37, no. 4, pp. 277-288, 2007. (Pubitemid 350239791)
124. X. Hu and Z. M. Mao, "Accurate real-time identification of IP prefix hijacking," in SP '07: Proc. 2007 IEEE Symp. Security Privacy. Washington, DC, USA: IEEE Comput. Society, 2007, pp. 3-17. (Pubitemid 47432512)
125. X. Hu and Z. Mao, "Accurate real-time identification of IP prefix hijacking," in Security Privacy, 2007. SP '07. IEEE Symp., May 2007, pp. 3-17. (Pubitemid 47432512)
126. C. Kruegel, D. Mutz, W. Robertson, and F Valeur, "Topology-based detection of anomalous BGP messages," in Recent Advances Intrusion Detection, vol. 2820. Springer Berlin/Heidelberg, Feb. 2003, pp. 17-35.
127. M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang, "PHAS: A prefix hijack alert system," in USENIX-SS'06: Proc. 15th Conf. USENIX Security Symp. Berkeley, CA, USA: USENIX Association, 2006.
128. E.-y. Kim, K. Nahrstedt, L. Xiao, and K. Park, "Identity-based registry for secure interdomain routing," in ASIACCS '06: Proc. 2006 ACM Symp. Inf., Comput. Commun. Security. New York, NY, USA: ACM, 2006, pp. 321-331. (Pubitemid 46644750)
129. Z. Zhang, Y. Zhang, Y. C. Hu, and Z. M. Mao, "Practical defenses against BGP prefix hijacking," in CoNEXT '07: Proc. 2007 ACM CoNEXT Conf. New York, NY, USA: ACM, 2007, pp. 1-12.
130. T. U. of Oregon, "University of Oregon Route Views Project." [Online]. Available: http://www.routeviews.org
131. Y. Zhang, Z. Zhang, Z. M. Mao, C. Hu, and B. MacDowell Maggs, "On the impact of route monitor selection," in IMC '07: Proc. 7th ACM SIGCOMM Conf. Internet Measurement. New York, NY, USA: ACM, 2007, pp. 215-220.
132. X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang, "An analysis of BGP multiple origin AS (MOAS) conflicts," in IMW '01: Proc. 1st ACM SIGCOMM Workshop Internet Measurement. New York, NY, USA: ACM, 2001, pp. 31-35.
133. X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. Wu, and L. Zhang, "Detection of invalid routing announcement in the internet," in Dependable Syst. Netw., 2002. DSN 2002. Proc. International Conf., 2002, pp. 59-68.
134. Z. Zhang, Y. Zhang, Y. C. Hu, Z. M. Mao, and R. Bush, "ISPY: Detecting IP prefix hijacking on my own," in SIGCOMM '08: Proc. ACM SIGCOMM 2008 Conf. Data Commun. New York, NY, USA: ACM, 2008, pp. 327-338.
135. M. Lad, R. Oliveira, B. Zhang, and L. Zhang, "Understanding resiliency of internet topology against prefix hijack attacks," in DSN '07: Proc. 37th Annual IEEE/IFIP International Conf. Dependable Syst. Netw. Washington, DC, USA: IEEE Comput. Society, 2007, pp. 368-377. (Pubitemid 350080442)
136. K. Sriram, O. Borchert, O. Kim, P. Gleichmann, and D. Montgomery, "A comparative analysis of BGP anomaly detection and robustness algorithms," Conf. Homeland Security, Cybersecurity Applications Technol., vol. 0, pp. 25-38, 2009.
137. C. S. N. S. Group, "Simple hijack alert system and monitor (SHASAM) is coming!" 2009. [Online]. Available: http://phas.netsec.colostate.edu/
138. G. Huston, "Measures of self-similarity of BGP updates and implications for securing BGP," in Proc. 8th International Conf. Passive Active Netw. Measurement (PAM 2007), vol. 4427. Heidelberg, DE: Springer-Verlag Berlin, Apr. 2007, pp. 1-10.
139. R. Oliveira, B. Zhang, D. Pei, R. Izhak-Ratzin, and L. Zhang, "Quantifying path exploration in the internet," in IMC '06: Proc. 6th ACM SIGCOMM Conf. Internet Measurement. New York, NY, USA: ACM, 2006, pp. 269-282. (Pubitemid 47165609)
140. J. Chandrashekar, Z. Duan, Z.-L. Zhang, and J. Krasky, "Limiting path exploration in BGP," in INFOCOM 2005. 24th Annual Joint Conf. IEEE Comput. Commun. Societies. Proc. IEEE, vol. 4, Mar. 2005, pp. 2337-2348 vol. 4.
141. N. Feamster and J. Rexford, "Network-wide prediction of BGP routes," Netw., IEEE/ACM Trans., vol. 15, no. 2, pp. 253-266, April 2007. (Pubitemid 46621608)
142. D. Wendlandt, I. Avramopoulos, D. Andersen, and J. Rexford, "Don't secure routing protocols, secure data delivery," in Proc. 5th ACM Workshop Hot Topics Netw. (Hotnets-V), Irvine, CA, Nov. 2006.
143. Z. M. Mao, J. Rexford, J. Wang, and R. H. Katz, "Towards an accurate AS-level traceroute tool," in SIGCOMM '03: Proc. 2003 Conf. Appl., Technol., Architectures, Protocols Comput. Commun. New York, NY, USA: ACM, 2003, pp. 365-378.
144. I. Avramopoulos and J. Rexford, "Stealth probing: Efficient data-plane security for IP routing," in ATEC '06: Proc. Annual Conf. USENIX '06 Annual Technical Conf. Berkeley, CA, USA: USENIX Association, 2006, pp. 25-25.
145. V. N. Padmanabhan and D. R. Simon, "Secure traceroute to detect faulty or malicious routing," SIGCOMM Comput. Commun. Rev., vol. 33, no. 1, pp. 77-82, 2003.
146. A. T. Mizrak, "Fatih: Detecting and isolating malicious routers," in DSN '05: Proc. 2005 International Conf. Dependable Syst. Netw. Washington, DC, USA: IEEE Comput. Society, 2005, pp. 538-547. (Pubitemid 41538268)
147. Y.-C. Cheng, "Detecting and isolating malicious routers," IEEE Trans. Dependable Secur. Comput., vol. 3, no. 3, pp. 230-244, 2006, Student Member-Mizrak, Alper Tugay and Member-Marzullo, Keith and Member-Savage, Stefan. (Pubitemid 44304210)
148. L. Subramanian, V. Roth, I. Stoica, S. Shenker, and R. H. Katz, "Listen and whisper: security mechanisms for BGP," in NSDI'04: Proc. 1st Conf. Symp. Netw. Syst. Design Implementation. Berkeley, CA, USA: USENIX Association, 2004, pp. 10-10.
149. E. L. Wong, P. Balasubramanian, L. Alvisi, M. G. Gouda, and V. Shmatikov, "Truth in advertising: Lightweight verification of route integrity," in PODC '07: Proc. Twenty-Sixth Annual ACM Symp. Principles Distributed Comput. New York, NY, USA: ACM, 2007, pp. 147-156. (Pubitemid 350229311)
150. K. Butler, T. R. Farley, P. McDaniel, and J. Rexford, "A survey of BGP security issues and solutions," Proc. IEEE, vol. 98, no. 1, pp. 100-122, Jan. 2010.
151. S. Wilson, "Public key superstructure 'it's PKI Jim, but not as we know it!'," in IDtrust '08: Proc. 7th Symp. Identity Trust on Internet. New York, NY, USA: ACM, 2008, pp. 72-88.
152. M. Parameswaran, X. Zhao, A. B. Whinston, and F. Fang, "Reengineering the internet for better security," Comput., vol. 40, no. 1, pp. 40-44, 2007.
153. M. Lepinski and S. Kent, "An Infrastructure To Support Secure Internet Routing," July 2009. [Online]. Available: http://tools. ietf.org/html/draft-ietf-sidr-arch-08
154. D. Pei, L. Zhang, and D. Massey, "A framework for resilient Internet routing protocols," Netw., IEEE, vol. 18, no. 2, pp. 5-12, Mar.-Apr. 2004.
155. N. Hilliard, "RFC 5082 GTSM for Quagga bgpd," Nov. 2008. [Online]. Available: http://lists.quagga.net/pipermail/quagga-dev/2008-November/ 006116.html
156. B. S. LLC, "Secure BGP prototype software," 2003. [Online]. Available: http://www.ir.bbn.com/sbgp/src/S-BGP-1.0.html
157. J. Ng, "Extensions to BGP to support secure origin BGP (soBGP)," Apr. 2004. [Online]. Available: http://tools.ietf.org/html/draft- ng-sobgp-bgp-extensions-02
158. J. Karlin, "Pretty good BGP-Quagga reference implementation," July 2008. [Online]. Available: http://lists.quagga.net/pipermail/quagga-dev/ 2008-July/005574. html
159. G. Huston, "Commentary on inter-domain routing in the internet," RFC 3221 (Informational), Internet Engineering Task Force, Dec. 2001. [Online]. Available: http://www.ietf.org/rfc/rfc3221.txt
160. "Scaling inter-domain routing-a view forward," Internet Protocol J., vol. 4, no. 4, Dec 2001.
161. D. Meyer and A. Partan, "BGP security, availability and operator needs," June 2003. [Online]. Available: http://www.nanog.org/meetings/ nanog28/presentations/meyer.pdf
162. J. Li, M. Guidero, Z. Wu, E. Purpus, and T. Ehrenkranz, "BGP routing dynamics revisited," SIGCOMMComput. Commun. Rev., vol. 37, no. 2, pp. 5-16, 2007.
163. T. Bates, R. Chandra, D. Katz, and Y. Rekhter, "Multiprotocol extensions for BGP-4," RFC 4760 (Draft Standard), Internet Engineering Task Force, Jan. 2007. [Online]. Available: http://www.ietf.org/rfc/rfc4760.txt
164. T. Bates, P. Smith, and G. Huston, "The CIDR report," last accessed: June 2009. [Online]. Available: http://www.cidr-report.org/as2.0/