WANG Bin,AN Jin-liang,WU Chun-ming,LAN Ju-long

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.05.012

2012-01-01

Journal of Communications

Abstract:A new approach was studied for BGP security:SE-BGP.By analyzing the security of SE-BGP,was found it had some secure leaks which couldnt resist active attack.To solve these secure problems of SE-BGP,an AS-alliance-based secure BGP scheme :SA-BGP was proposed,which used the aggregate signatures algorithm based on RSA.The SA-BGP has strong ability of security that can effectively verify the propriety of IP prefix origination and verifies the validity of an AS to announce network layer reachability information (NLRI).SA-BGP can large-scale reduced the number of the used certificates.Performance evaluation results that SA-BGP can be implemented efficiently and the incurred overhead,in terms of time and space,ptable in practice.

Meng Meng,Ruijuan Zheng,Mingchuan Zhang,Junlong Zhu,Qingtao Wu

DOI: https://doi.org/10.1007/978-3-030-38961-1_12

2019-01-01

Abstract:The Border Gateway Protocol (BGP) is a vital protocol on the Internet. However, the BGP is susceptible against the prefix interception attack, how to seek a secure route against prefix interception attacks is an important problem. For this reason, we propose a novel and effective router selection method on the Internet. First, we evaluate resilience of autonomous systems against prefix interception attacks. Second, we evaluate security risk of next-hop routers and we also obtain the historical performance of next-hop routers via online learning. Finally, we compromise the two performance metrics of routers' resilience and historical performance to choose a secure route. Our method is verified by network simulations. The results show that the proposed method has more resilience against prefix interception attacks.

Zhonghui Li,Jilong Wang,Bin Tian

DOI: https://doi.org/10.1109/bmei.2010.5639308

2010-01-01

Abstract:As a result of the independence, opacity and complication of inter-domain routing policy deployment among different ASes, negative impact on global Internet might be introduced. By presenting one case occurred in TEIN2 backbone, we point out the potential performance and stability problems caused by inappropriate policy design and amendment, which might cause side effect on particular application, e.g. telemedicine. After studying the related works on inter-domain routing policy, we propose a distributed system, BGP-Grid, for BGP policy simulation and evaluation. Through the collaboration among participant ASes over BGP-Grid, the bi-directional performance outcome of routing policy design and amendment can be simulated and evaluated before deploying to actual routers, which allow us to find and solve any potential problem inside the policy in advance. According to the results of evaluation experiments, the effectiveness of optimization for overall performance based on BGP-Grid is confirmed.

Henry Birge-Lee,Joel Wanner,Grace Cimaszewski,Jonghoon Kwon,Liang Wang,Francois Wirz,Prateek Mittal,Adrian Perrig,Yixin Sun

DOI: https://doi.org/10.48550/arXiv.2206.06879

2022-06-14

Networking and Internet Architecture

Abstract:Adversaries can exploit inter-domain routing vulnerabilities to intercept communication and compromise the security of critical Internet applications. Meanwhile the deployment of secure routing solutions such as Border Gateway Protocol Security (BGPsec) and Scalability, Control and Isolation On Next-generation networks (SCION) are still limited. How can we leverage emerging secure routing backbones and extend their security properties to the broader Internet? We design and deploy an architecture to bootstrap secure routing. Our key insight is to abstract the secure routing backbone as a virtual Autonomous System (AS), called Secure Backbone AS (SBAS). While SBAS appears as one AS to the Internet, it is a federated network where routes are exchanged between participants using a secure backbone. SBAS makes BGP announcements for its customers' IP prefixes at multiple locations (referred to as Points of Presence or PoPs) allowing traffic from non-participating hosts to be routed to a nearby SBAS PoP (where it is then routed over the secure backbone to the true prefix owner). In this manner, we are the first to integrate a federated secure non-BGP routing backbone with the BGP-speaking Internet. We present a real-world deployment of our architecture that uses SCIONLab to emulate the secure backbone and the PEERING framework to make BGP announcements to the Internet. A combination of real-world attacks and Internet-scale simulations shows that SBAS substantially reduces the threat of routing attacks. Finally, we survey network operators to better understand optimal governance and incentive models.

Jian Wu

2002-01-01

Abstract:Policy based routing affects the efficiency and security of the Internet transfer of sensitive financial information and is one of the most important features of Border Gateway Protocol Version 4 (BGP 4). Policy based routing was evaluated using the basic relations between autonomous systems (AS). Definitions were given to describe the attributes of the route, the policy, and the conformance relation between the behavior of the border gateway and the policies. The two main types of policy violations were classified as leaking and penetration. The active testing and the passive testing were combined to achieve ideal coverage. Actual tests verified the validity of the analysis and provied guidance for network management.

Guoqiang Zhang,Mingwei Xu,Jiang Li

DOI: https://doi.org/10.1109/IPCCC50635.2020.9391537

2020-01-01

Abstract:The Border Gateway Protocol (BGP) is the de facto standard interdomain routing protocol. A major problem affecting the operation of BGP is its failure to provide security guarantees. Despite some high-profile security extensions proposed, none of them has been largely deployed by Autonomous Systems (AS) in the global Internet. Previous studies show that three main factors hinder the adoption of BGP security solutions: limited benefits in partial deployment, computational overheads, and the trouble of coordinating among tens of thousands of independent ASes. In this paper, we present Neighbor Routes Validator (NRV), a lightweight prototype system of BGP security enhancement. Instead of depending on a single centralized authority, NRV focuses on neighboring ASes' self-driven collaborations that significantly reduce the scale of coordination. It aims to address real-world security issues of BGP and uses the privacy-preserving capability of Secure Multi-Party Computation (SMPC) to dispel ASes' privacy concerns. Security analyses and simulations demonstrate the feasibility of NRV, and we also argue that network operators have incentives to deploy it after weighing the pros and cons.

Ben A. Scott,Michael N. Johnstone,Patryk Szewczyk

DOI: https://doi.org/10.3390/s24196414

IF: 3.9

2024-10-03

Sensors

Abstract:The Internet's default inter-domain routing system, the Border Gateway Protocol (BGP), remains insecure. Detection techniques are dominated by approaches that involve large numbers of features, parameters, domain-specific tuning, and training, often contributing to an unacceptable computational cost. Efforts to detect anomalous activity in the BGP have been almost exclusively focused on single observable monitoring points and Autonomous Systems (ASs). BGP attacks can exploit and evade these limitations. In this paper, we review and evaluate categories of BGP attacks based on their complexity. Previously identified next-generation BGP detection techniques remain incapable of detecting advanced attacks that exploit single observable detection approaches and those designed to evade public routing monitor infrastructures. Advanced BGP attack detection requires lightweight, rapid capabilities with the capacity to quantify group-level multi-viewpoint interactions, dynamics, and information. We term this approach advanced BGP anomaly detection. This survey evaluates 178 anomaly detection techniques and identifies which are candidates for advanced attack anomaly detection. Preliminary findings from an exploratory investigation of advanced BGP attack candidates are also reported.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qi Li,Jiajia Liu,Yih-Chun Hu,Mingwei Xu,Jianping Wu

DOI: https://doi.org/10.1109/mnet.2018.1800171

IF: 10.294

2019-01-01

IEEE Network

Abstract:The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Mingui Zhang,Bin Liu,Beichuan Zhang

DOI: https://doi.org/10.1109/infcom.2010.5462200

2010-01-01

Abstract:False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.

Qi Li,Xinwen Zhang,Xin Zhang,Purui Su

DOI: https://doi.org/10.1109/tdsc.2014.2345381

2015-01-01

Abstract:Border Gateway Protocol (BGP) is vulnerable to routing attacks because of the lack of inherent verification mechanism. Several secure BGP schemes have been proposed to prevent routing attacks by leveraging cryptographic verification of BGP routing updates. In this paper, we present a new type of attacks, called TIGER, which aims to invalidate the “proven” security of these secure BGP schemes and allow ASes to announce forged routes even under full deployment of any existing secure BGP proposal. By launching TIGER attacks, malicious ASes can easily generate and announce forged routes which can be successfully verified by the existing secure BGP schemes. Furthermore, TIGER attacks can evade existing routing anomaly detection schemes by guaranteeing routing data-plane availability and consistency of control- and data-plane. Toward a new securing BGP scheme, we propose Anti-TIGER to detect and defend against TIGER attacks. Anti-TIGER enables robust TIGER detection by collaborations between ASes. In particular, we leverage Spread Spectrum Communication technique to watermark certain special probing packets, which manifest the existence of TIGER attacks. Anti-TIGER does not require any modifications in routing data-plane, therefore it is easy to deploy and incrementally deployable. We evaluate the effectiveness of TIGER and Anti-TIGER by experiments with real AS topologies of the Internet. Our experiment results show that TIGER attacks can successfully hijack a considerable number of prefixes. In the meanwhile, Anti-TIGER can achieve 100 percent detection ratio of TIGER attacks.

Alex A. Stewart,Marta F. Antoszkiewicz

DOI: https://doi.org/10.48550/arXiv.0908.0175

2009-08-03

Networking and Internet Architecture

Abstract:The Border Gateway Protocol (BGP) is an important component in today's IP network infrastructure. As the main routing protocol of the Internet, clear understanding of its dynamics is crucial for configuring, diagnosing and debugging Internet routing problems. Despite the increase in the services that BGP provide such as MPLS VPNs, there is no much progress achieved in automating the BGP management tasks. In this paper we discuss some of the problems encountered by network engineers when managing BGP networks. We also describe some of the open source tools and methods that attempt to resolve these issues. Then we present some of the features that, if implemented, will ease BGP management related tasks.

LI Song,ZHUGE Jian-Wei,LI Xing

DOI: https://doi.org/10.3724/sp.j.1001.2013.04346

2013-01-01

Journal of Software

Abstract:BGP is a core Internet routing protocol.The Internet inter-domain routing relies on the exchange of BGP routing information.BGP has significant vulnerabilities,which have been found to cause problems such as prefix hijacking,route leak and Internet-targeted denial of service attack.First,by analyzing BGP route propagation and BGP routing policies,the fundamental flaw in the design of the protocol is revealed.The paper then discusses possible threats to BGP and presents a route leak model,which contributes to the description of its characteristics.Second,the existing defense mechanisms for BGP security are generalized,and their shortcomings are exposed.The paper then classifies various BGP security-enhancing technologies and studies them in detail to explore their advantages and disadvantages.Finally,the research trends of BGP security are discussed in this paper.

Lan Wang,Xiaoliang Zhao,Dan Pei,Randy Bush,Daniel Massey,Allison Mankin,S. Felix Wu,Lixia Zhang

DOI: https://doi.org/10.1145/637201.637231

2002-01-01

Abstract:Despite BGP's critical importance as the de-facto Internet inter-domain routing protocol, there is little understanding of how BGP actually performs under stressful conditions when dependable routing is most needed. In this paper, we examine BGP's behavior during one stressful period, the Code Red/Nimda attack on September 18, 2001. The attack was correlated with a 30-fold increase in the BGP update messages at a monitoring point which peers with a number of Internet service providers. Our examination of BGP's behavior during the event concludes that BGP exhibited no significant abnormality, and that over 40% of the observed updates can be attributed to the monitoring artifact in current BGP measurement settings. Our analysis, however, does reveal several weak points in both the protocol and its implementation, such as BGP's sensitivity to the transport session reliability, its inability to avoid the global propagation of small local changes, and its certain implementation features whose otherwise benign effects only get amplified under stressful conditions. We also identify areas for improvement in the current network measurement and monitoring effort.

Henry Birge-Lee,Maria Apostolaki,Jennifer Rexford

2024-08-19

Abstract:As the deployment of comprehensive Border Gateway Protocol (BGP) security measures is still in progress, BGP monitoring continues to play a critical role in protecting the Internet from routing attacks. Fundamentally, monitoring involves observing BGP feeds to detect suspicious announcements and taking defensive action. However, BGP monitoring relies on seeing the malicious BGP announcement in the first place! In this paper, we develop a novel attack that can hide itself from all state-of-the-art BGP monitoring systems we tested while affecting the entire Internet. The attack involves launching a sub-prefix hijack with the RFC-specified NO_EXPORT community attached to prevent networks with the malicious route installed from sending the route to BGP monitoring systems. We study the viability of this attack at four tier-1 networks and find all networks we studied were vulnerable to the attack. Finally, we propose a mitigation that significantly improves the robustness of the BGP monitoring ecosystem. Our paper aims to raise awareness of this issue and offer guidance to providers to protect against such attacks.

Cryptography and Security,Networking and Internet Architecture

Yan Yang,Xingang Shi,Qiang Ma,Yahui Li,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1016/j.comnet.2022.108762

IF: 5.493

2022-01-01

Computer Networks

Abstract:Border Gateway Protocol (BGP), as the current de-facto routing protocol connecting various cooperating domains on the Internet, did not consider security when it was originally designed. With the expansion of the Internet, security is increasingly valued and many BGP enhancement mechanisms are proposed and experimented. Some of them like BGPsec have been standardized and promoted by the IETF. However, the deployment of these inter-domain secure routing mechanisms is subject to many economic and political restrictions. Consequently, there will be a long period of partial deployment, during which instability of BGP can be observed. Specifically, when some networks start deploying secure BGP mechanisms, they may be involved in some temporary or persistent route oscillations. In this paper, we systematically study the stability problem induced by partially deployed secure BGP mechanisms. We analyze the characteristics of topology and routing strategies when BGP oscillations will be introduced. In particular, we propose dispute chain, a derived structure of dispute wheel proposed in Griffin et al. (2002), to formally analyze this problem. Based on dispute chain, we analyze how different security adoption strategies can cause BGP oscillations under the general Gao–Rexford model. Our analysis shows that, even in a situation when there is no dispute wheel, dispute chains may widely appear, indicating that BGP oscillation problems will be introduced when security mechanisms are casually deployed, affecting the security and quality of inter-domain communications. To avoid possible oscillations, we also propose some deployment guidelines from different perspectives of the operator and the Internet, so that a wider deployment of security mechanisms will not blindly disrupt the Internet.

Meng Meng,Ruijuan Zheng,Ruxi Peng,Junlong Zhu,Mingchuan Zhang,Qingtao Wu

DOI: https://doi.org/10.1016/j.robot.2020.103556

IF: 3.7

2020-01-01

Robotics and Autonomous Systems

Abstract:In human–robot cooperation, the information interaction plays a key role. Most of the information interaction rely on Border Gateway Protocol (BGP), which is a vital route protocol on networks. However, the BGP is susceptible to the prefix interception attacks because the rightful origin of each prefix cannot be verified in BGP. For this reason, we propose a novel and effective route selection method against prefix interception attacks, which combines the resilience of routers and the historical performance of routers to choose a secure route. Moreover, we estimate the performance of BGP by introducing the definition of resilience and the historical performance of routers via online learning against the prefix interception attack. Furthermore, we analyze the bound of regret and obtain O(T) regret, where T denotes the time horizon. In addition, the proposed method is verified both on synthetic data and network simulations. The results show that the proposed method has more resilience against prefix interception attacks than Counter-Raptor.

Maria Apostolaki,Ankit Singla,Laurent Vanbever

DOI: https://doi.org/10.1145/3482898.3483366

2021-10-11

Abstract:Internet routing can often be sub-optimal, with the chosen routes providing worse performance than other available policy-compliant routes. This stems from the lack of visibility into route performance at the network layer. While this is an old problem, we argue that recent advances in programmable hardware finally open up the possibility of performance-aware routing in a deployable, BGP-compatible manner. We introduce RouteScout, a hybrid hardware/software system supporting performance-based routing at ISP scale. In the data plane, RouteScoutleverages P4-enabled hardware to monitor performance across policy-compliant route choices for each destination, at line-rate and with a small memory footprint. RouteScout'scontrol plane then asynchronously pulls aggregated performance metrics to synthesize a performance-aware forwarding policy. We show that RouteScoutcan monitor performance across most of an ISP's traffic, using only 4 MB of memory. Further, its control can flexibly satisfy a variety of operator objectives, with sub-second operating times.

Tony Miu Tung,Chenxu Wang,Jinhe Wang

DOI: https://doi.org/10.1007/978-3-030-02744-5_34

2018-01-01

Abstract:Distributed Denial of Service attacks has been one of the most challenges faced by the Internet for decades. Recently, DDoS protection services (DPS) have risen up to mitigate large-scale DDoS attacks by diverting the vast malicious traffic against the victims to affordable networks. One common approach is to reroute the traffic through the change of BGP policies, which may cause abnormal BGP routing dynamics. However, little is known about such behaviors and the consequences. To fill this gap, in this paper, we conduct the first study on the behaviors of BGP-based DPS through two steps. First, we propose a machine learning based approach to identify DDoS events because there usually lacks data for characterizing real DDoS events. Second, We design a new algorithm to analyze the behavior of DPS against typical DDoS attacks. In the case study of real DDoS attacks, we carefully analyze the policies used to mitigate the attacks and obtain several meaningful findings. This research sheds light on the design of effective DDoS attack mitigation schemes.

Lancheng Qin,Li Chen,Dan Li,Honglin Ye,Yutian Wang

DOI: https://doi.org/10.14722/ndss.2024.24214

2024-01-01

Abstract:BGP hijacking is one of the most important threats to routing security.To improve the reliability and availability of inter-domain routing, a lot of work has been done to defend against BGP hijacking, and Route Origin Validation (ROV) has become the best current practice.However, although the Mutually Agreed Norms for Routing Security (MANRS) has been encouraging network operators to at least validate announcements of their customers, recent research indicates that a large number of networks still do not fully deploy ROV or propagate illegitimate announcements of their customers.To understand ROV deployment in the real world and why network operators are not following the action proposed by MANRS, we make a long-term measurement for ROV deployment and further find that many non-compliant networks may deploy ROV only at part of customer interfaces, or at provider or peer interfaces.Then, we present the first notification experiment to investigate the impact of notifications on ROV remediation.However, our analysis indicates that none of the notification treatments has a significant effect.After that, we conduct a survey among network operators and find that economical and technical problems are the two major classes of reasons for non-compliance.Seeking a realistic ROV deployment strategy, we perform large-scale simulations, and, to our surprise, find that not following MANRS Action 1 can lead to better defence of prefix hijacking.Finally, with all our findings, we provide practical recommendations and outline future directions to help promote ROV deployment.

Pang-Wei Tsai,Aris Cahyadi Risdianto,Meng Hui Choi,Satis Kumar Permal,Teck Chaw Ling

DOI: https://doi.org/10.3390/fi13070171

2021-06-30

Future Internet

Abstract:In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a lack of insurance in validating authority for announcing network layer reachability. Therefore, a distributed repository system known as Resource Public Key Infrastructure (RPKI) has been utilized to mitigate this issue. However, such a validation requires further deployment steps for Autonomous System (AS), and it might cause performance and compatibility problems in legacy network infrastructure. Nevertheless, with recent advancements in network innovation, some traditional networks are planning to be restructured with Software-Defined Networking (SDN) technology for gaining more benefits. By using SDN, Internet eXchange Point (IXP) is able to enhance its capability of management by applying softwarized control methods, acting as a Software-Defined eXchange (SDX) center to handle numerous advertisement adaptively. To use the SDN method to strengthen routing security of IXP, this paper proposed an alternative SDX development, SD-BROV, an SDX-based BGP Route Origin Validation mechanism that establishes a flexible route exchange scenario with RPKI validation. The validating application built in the SDN controller is capable of investigating received routing information. It aims to support hybrid SDN environments and help non-SDN BGP neighbors to get trusted routes and drop suspicious ones in transition. To verify proposed idea with emulated environment, the proof-of-concept development is deployed on an SDN testbed running over Research and Education Networks (RENs). During BGP hijacking experiment, the results show that developed SD-BROV is able to detect and stop legitimate traffic to be redirected by attacker, making approach to secure traffic forwarding on BGP routers.