Abstract
The Border Gateway Protocol (BGP) works by frequently exchanging updates that disseminate reachability information about IP prefixes (i.e., IP address blocks) between Autonomous Systems (ASes) on the Internet. The ideal operation of BGP relies on three major behavioral assumptions (BAs): (1) information contained in the update is legal and correct, (2) a route to a prefix is stable, and (3) the route adheres to the valley free routing policy. The current operation of BGP implicitly trusts all ASes to adhere to these assumptions. However, several documented violation of these assumptions attest to the fact that such an assumption of trust is perilous. This paper presents AS-TRUST, a scheme that comprehensively characterizes the trustworthiness of ASes with respect to their adherence of the behavioral assumptions. AS-TRUST quantifies trust using the notion of AS reputation. To compute reputation, AS-TRUST analyzes updates received in the past. It then classifies the resulting observations into multiple types of feedback. The feedback is used by a reputation function that uses Bayesian statistics to compute a probabilistic view of AS trustworthiness. This information can then be used for improving quotidian BGP operation by enabling improved route preference and dampening decision making at the ASes. Our implementation of AS-TRUST scheme using publicly available BGP traces demonstrates: (1) the number of ASes involved in violating the BGP behavioral assumptions is significant, and (2) the proposed reputation mechanism provides multi-fold improvement in the ability of ASes to operate in the presence of BA violations.
This research was supported in part by ONR MURI N00014-07-1-0907. POC: Insup Lee, lee@cis.upenn.edu
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
A Border Gateway Protocol 4 (BGP-4) RFC, http://www.rfc-editor.org/rfc/rfc4271.txt
BGP Routing Leak Detection System Routing Leak Detection System, http://puck.nether.net/bgp/leakinfo.cgi
Macroscopic Topology Measurements, http://www.caida.org/projects/macroscopic/
The DIMES project, http://www.netdimes.org/new/
7007 Explanation and Apology, http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html/
Autonomous System (AS) Numbers, http://www.iana.org/assignments/as-numbers/
Dirichlet distribution, http://www.cis.hut.fi/ahonkela/dippa/node95.html
Pakistan hijacks YouTube, http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml/
RouteViews, http://www.routeviews.org/
Caesar, M., Rexford, J.: BGP routing policies in ISP networks. IEEE Network 19(6), 5–11 (2005)
Chang, J., Venkatasubramanian, K., West, A.G., Kannan, S., Lee, I., Loo, B., Sokolsky, O.: AS-CRED: Reputation service for trustworthy inter-domain routing. In: University of Pennsylvania Technical Report, MS-CIS-10-17 (April 2010)
Chang, J., Venkatasubramanian, K., West, A.G., Kannan, S., Loo, B., Sokolsky, O., Lee, I.: AS-TRUST: A trust characterization scheme for autonomous system in BGP. In: University of Pennsylvania Technical Report, MS-CIS-10-25 (August 2010)
Gao, L.: On inferring autonomous system relationships in the Internet. IEEE/ACM Trans. Netw. 9(6), 733–745 (2001)
Grandison, T., Sloman, M.: A survey of trust in Internet applications. IEEE Communications Surveys and Tutorials 3(4) (August 2000)
Hu, X., Mao, Z.M.: Accurate real-time identification of IP prefix hijacking. In: SP 2007: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pp. 3–17. IEEE Computer Society, Washington, DC (2007)
Josang, A., Ismail, R.: The beta reputation system. In: Proceedings of the 15th Bled Electronic Commerce Conference (2002)
Karlin, J., Forrest, S., Rexford, J.: Autonomous security for autonomous systems. Comput. Netw. 52(15), 2908–2923 (2008)
Mahajan, R., Wetherall, D., Anderson, T.: Understanding BGP misconfiguration. In: Proc. of the 2002 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 3–16 (2002)
Nicholes, M., Mukherjee, B.: A survey of security techniques for the Border Gateway Protocol (BGP). IEEE Communications Surveys and Tutorials 11(1) (First Quarter 2009)
Qiu, J., Gao, L., Ranjan, S., Nucci, A.: Detecting bogus BGP route information: Going beyond prefix hijacking. In: Third International Conference on Security and Privacy in Communications Networks and the Workshops, SecureComm 2007, pp. 381–390 (September 2007)
Qiu, S.Y., McDaniel, P.D., Monrose, F.: Toward valley-free inter-domain routing. In: IEEE International Conference on Communications, ICC 2007, pp. 2009–2016 (2007)
Qiu, T., Ji, L., Pei, D., Wang, J., Xu, J., Ballani, H.: Locating prefix hijackers using LOCK. In: 18th USENIX Security Symposium (August 2009)
Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. SIGCOMM Computation and Communication Review 36(4), 291–302 (2006)
Zhang, B., Liu, R., Massey, D., Zhang, L.: Collecting the Internet AS-level topology. SIGCOMM Comput. Commun. Rev. 35(1), 53–61 (2005)
Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M., Bush, R.: iSPY: detecting IP prefix hijacking on my own. SIGCOMM Comput. Commun. Rev. 38(4), 327–338 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chang, J. et al. (2011). AS-TRUST: A Trust Quantification Scheme for Autonomous Systems in BGP. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-21599-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21598-8
Online ISBN: 978-3-642-21599-5
eBook Packages: Computer ScienceComputer Science (R0)