
AS-TRUST: A Trust Quantification Scheme for Autonomous Systems in BGP

  • Conference paper
Trust and Trustworthy Computing (Trust 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6740)

Abstract

The Border Gateway Protocol (BGP) works by frequently exchanging updates that disseminate reachability information about IP prefixes (i.e., IP address blocks) between Autonomous Systems (ASes) on the Internet. The ideal operation of BGP relies on three major behavioral assumptions (BAs): (1) information contained in the update is legal and correct, (2) a route to a prefix is stable, and (3) the route adheres to the valley-free routing policy. The current operation of BGP implicitly trusts all ASes to adhere to these assumptions. However, several documented violations of these assumptions attest to the fact that such an assumption of trust is perilous. This paper presents AS-TRUST, a scheme that comprehensively characterizes the trustworthiness of ASes with respect to their adherence to the behavioral assumptions. AS-TRUST quantifies trust using the notion of AS reputation. To compute reputation, AS-TRUST analyzes updates received in the past. It then classifies the resulting observations into multiple types of feedback. The feedback is used by a reputation function that uses Bayesian statistics to compute a probabilistic view of AS trustworthiness. This information can then be used for improving quotidian BGP operation by enabling improved route preference and dampening decision making at the ASes. Our implementation of the AS-TRUST scheme using publicly available BGP traces demonstrates: (1) the number of ASes involved in violating the BGP behavioral assumptions is significant, and (2) the proposed reputation mechanism provides multi-fold improvement in the ability of ASes to operate in the presence of BA violations.

This research was supported in part by ONR MURI N00014-07-1-0907. POC: Insup Lee, lee@cis.upenn.edu
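The third behavioral assumption, valley-free routing, can be checked mechanically on an observed AS path once AS business relationships are known. The following is an added example, not code from the paper or from AS-TRUST; the relationship table (documentation-range ASNs), the function names, and the choice to report the exporting AS as the violator are assumptions made for illustration.

```python
# Constructed relationship data using documentation-range ASNs (RFC 5398).
# PROVIDERS[x] is the set of ASes that sell transit to x.
PROVIDERS = {
    64501: {64510},
    64502: {64510, 64511},
    64503: {64511},
}
PEERS = {frozenset({64510, 64511})}  # settlement-free peering links


def hop_type(a, b):
    """Classify the hop a -> b in the direction the route propagates."""
    if b in PROVIDERS.get(a, set()):
        return "up"      # customer exports to its provider
    if a in PROVIDERS.get(b, set()):
        return "down"    # provider exports to its customer
    if frozenset({a, b}) in PEERS:
        return "peer"
    return "unknown"


def valley_violation(as_path):
    """Return None if the path is valley-free, else the AS that exported
    the route against policy.

    as_path is ordered as in a BGP update: nearest AS first, origin last.
    A valley-free path is zero or more "up" hops, at most one "peer" hop,
    then zero or more "down" hops.
    """
    if not as_path:
        return None
    route = list(reversed(as_path))  # propagation order, origin first
    # Collapse AS-path prepending (the same AS repeated consecutively).
    route = [route[0]] + [b for a, b in zip(route, route[1:]) if a != b]
    past_peak = False  # True once a "peer" or "down" hop has been seen
    for a, b in zip(route, route[1:]):
        kind = hop_type(a, b)
        if kind == "unknown":
            raise ValueError(f"no relationship known for AS{a} -> AS{b}")
        if past_peak and kind in ("up", "peer"):
            # a learned the route from a peer or provider and re-exported
            # it to a peer or provider: a valley (route leak) at a.
            return a
        if kind in ("peer", "down"):
            past_peak = True
    return None
```

A path for which `valley_violation` returns an AS number would count as one negative observation about that AS; how such observations are weighted into a reputation value is defined by the paper, not by this sketch.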




© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chang, J. et al. (2011). AS-TRUST: A Trust Quantification Scheme for Autonomous Systems in BGP. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_20


  • DOI: https://doi.org/10.1007/978-3-642-21599-5_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21598-8

  • Online ISBN: 978-3-642-21599-5

  • eBook Packages: Computer Science, Computer Science (R0)