Sign What You Really Care about – Secure BGP AS Paths Efficiently

  • Yang Xiang
  • Zhiliang Wang
  • Jianping Wu
  • Xingang Shi
  • Xia Yin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7289)

Abstract

The inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system, but forged routes generated by malicious attacks or mis-configurations may devastate the system. The security problem of BGP has attracted considerable attention, and although several solutions have been proposed, none of them have been widely deployed due to weaknesses such as high computational cost or potential security compromise. This paper proposes Fast Secure BGP (FS-BGP), an efficient mechanism for securing AS paths and preventing prefix hijacking by signing critical AS path segments. We prove that FS-BGP can achieve a similar level of security as S-BGP, but with much higher efficiency. Our experiments use BGP UPDATE data collected from real backbone routers. Compared with S-BGP, FS-BGP only requires a very small cache, and can reduce the cost of signing and verification by orders of magnitude. Indeed, the signing and verification can be accomplished as fast as the most bursty BGP UPDATE arrivals, which implies that FS-BGP will hardly delay the propagation of routing information.

Keywords

Inter-Domain Routing, BGP, Prefix Hijacking, Security

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Yang Xiang (1, 3)
  • Zhiliang Wang (2, 3)
  • Jianping Wu (1, 2, 3)
  • Xingang Shi (2, 3)
  • Xia Yin (1, 3)

  1. Tsinghua National Laboratory for Information Science and Technology (TNList), China
  2. Department of Computer Science & Technology, Tsinghua University, Beijing, China
  3. Network Research Center, Tsinghua University, Beijing, P.R. China
