A Security Mechanism for Detecting Nonfeasance on Inter-domain Routing Forwarding

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 348)

Abstract

The inter-domain routing system faces serious security threats for lack of effective security mechanisms. Although many security solutions have addressed anomaly forwarding of Border Gateway Protocol (BGP) routes, the research is short of nonfeasance behavior. Based on AS relationships between two-hop distance neighbors, a security mechanism called TwoReply is designed for detecting nonfeasance through introducing feedback approach into the process of BGP route announcements. Furthermore, combined of BGP route selection, TwoReply offers an efficient penalty algorithm to select secure path. Security and performance analysis demonstrate that this mechanism can detect nonfeasance behavior effectively with few route resource consumption. It improves the overall security of inter-domain routing system and has good scalability.

Keywords

Inter-domain routing Nonfeasance AS relationship BGP 

Notes

Acknowledgments

This work was supported by National High Technology Research and Development Program of China (863 Program) (No. 2013AA014701), National Nature Science Foundation of China (No. 61171193).

References

  1. 1.
    Rekhter, Y., Li, T., Hares, S.: A border gateway protocol 4 (BGP-4). In: RFC, p. 4271 (2006)Google Scholar
  2. 2.
    Butler, K., Farley, T., McDaniel, P.: A survey of BGP security issues and solutions. IEEE Proc. 2010(1), 100–122 (2010)Google Scholar
  3. 3.
    Youtube hijacking: A RIPE NCC RIS case study. http://www.ripe.net/news/study-youtube-hijacking.html
  4. 4.
    Huston, G., Rossi, M., Armitage, G.: Security BGP: a literature survey. IEEE Commun. Surv. Tutorials 13(2), 199–222 (2011)CrossRefGoogle Scholar
  5. 5.
    Yu, X.P., Wang, H.J.: Detecting invalid BGP routes based on AS relationships. J. Jilin Univ. 25(4), 461–464 (2007)Google Scholar
  6. 6.
    Wei, Z.H., Chen, M., Zhao, H.H.: AS relationships quick inference algorithm. J. Univ. Electron. Sci. Technol. China 39(2), 266–270 (2010)Google Scholar
  7. 7.
    Kent, S., Lynn, C., Seo, K.: Secure Border gateway protocol (S-BGP). IEEE J. Sel. Areas Commun. 18(4), 582–592 (2000)CrossRefGoogle Scholar
  8. 8.
    White, R.: Securing BGP through secure origin BGP. Internet Protoc. J. 6(3), 15–22 (2003)Google Scholar
  9. 9.
    Kranankis, E., Wan, T., Oorschot, P.C.: On interdomain routing security and pretty secure BGP (psBGP). ACM Trans. Inf. Syst. Secur. (TISSEC) 10(3), 1–41 (2007)Google Scholar
  10. 10.
    Gao, L.: On inferring autonomous system relationships in the Internet. In: IEEE/ACM Transactions on Networking (2001)Google Scholar
  11. 11.
    The Network Simulator–ns2. http://www.isi.edu/nsnam/ns/
  12. 12.

Copyright information

© Springer India 2016

Authors and Affiliations

  1. 1.National Computer Network Emergency Response Technical Team/Coordination, Center of ChinaBeijingChina
  2. 2.Electronic Technology Information Research Institute MIITBeijingChina

Personalised recommendations