WANG Bin,AN Jin-liang,WU Chun-ming,LAN Ju-long

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.05.012

2012-01-01

Journal of Communications

Abstract:A new approach was studied for BGP security:SE-BGP.By analyzing the security of SE-BGP,was found it had some secure leaks which couldnt resist active attack.To solve these secure problems of SE-BGP,an AS-alliance-based secure BGP scheme :SA-BGP was proposed,which used the aggregate signatures algorithm based on RSA.The SA-BGP has strong ability of security that can effectively verify the propriety of IP prefix origination and verifies the validity of an AS to announce network layer reachability information (NLRI).SA-BGP can large-scale reduced the number of the used certificates.Performance evaluation results that SA-BGP can be implemented efficiently and the incurred overhead,in terms of time and space,ptable in practice.

Qi Li,Mingwei Xu,Jianping Wu,Xinwen Zhang,Patrick P. C. Lee,Ke Xu

DOI: https://doi.org/10.1109/tifs.2011.2177822

IF: 7.231

2011-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The weak trust model in Border Gateway Protocol (BGP) introduces severe vulnerabilities for Internet routing including active malicious attacks and unintended misconfigurations. Although various secure BGP solutions have been proposed, the complexity of security enforcement and data-plane attacks still remain open problems. We propose TBGP, a trusted BGP scheme aiming to achieve high authenticity of Internet routing with a simple and lightweight attestation mechanism. TBGP introduces a set of route update and withdrawal rules that, if correctly enforced by each router, can guarantee the authenticity and integrity of route information that is announced to other routers in the Internet. To verify this enforcement, an attestation service running on each router provides interfaces for a neighboring router to challenge the integrity of its routing stack, enforced rules, and the attestation service itself. If this attestation succeeds, the neighboring router updates its routing table or announces the route to its neighbors, following the same rules. Thus, a router on a routing path only needs to verify one neighbor's routing status to ensure that the route information is valid. Through this, TBGP builds a transitive trust relationship among all routers on a routing path. We implement a prototype of TBGP to investigate its practicality. In our implementation, we use identity-based signature and trusted computing techniques to further reduce the complexity of security operations. Our security analysis and performance study shows that TBGP can achieve the security goals of BGP with significantly better convergence performance and lower computation overhead than existing secure BGP solutions.

Qi Li,Jiajia Liu,Yih-Chun Hu,Mingwei Xu,Jianping Wu

DOI: https://doi.org/10.1109/mnet.2018.1800171

IF: 10.294

2019-01-01

IEEE Network

Abstract:The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Yang Xiang,Xingang Shi,Jianping Wu,Zhiliang Wang,Xia Yin

DOI: https://doi.org/10.1016/j.comnet.2012.11.019

2012-01-01

Abstract:The inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system, but forged routes generated by malicious attacks or mis-configurations may devastate the system. The security problem of BGP has attracted considerable attention, and although several solutions have been proposed, none of them have been widely deployed due to weaknesses such as high computational cost or potential security compromise. This paper proposes Fast Secure BGP (FS-BGP), an efficient mechanism for securing AS paths and preventing prefix hijacking by signing critical AS path segments. We prove that FS-BGP can achieve a similar level of security as S-BGP, but with much higher efficiency. Our experiments use BGP UPDATE data collected from real backbone routers. Compared with S-BGP, FS-BGP only requires a very small cache, and can reduce the cost of signing and verification by orders of magnitude. Indeed, the signing and verification can be accomplished as fast as the most bursty BGP UPDATE arrivals, which implies that FS-BGP will hardly delay the propagation of routing information.

Jiang Li,Mingwei Xu,Zhuotao Liu,Zili Meng,Yuan Yang,Qi Li,Yangyang Wang

DOI: https://doi.org/10.2139/ssrn.4199288

2022-01-01

SSRN Electronic Journal

Abstract:The Internet has been evolving for decades with rapidly increasing parties, from thousands of Autonomous Systems (ASes) to hundreds of thousands of ASes nowadays.Unfortunately, the inter domain routing protocol, specifically the Border Gateway Protocol (BGP), is not designed to provide a reliable routing service for hundreds of thousands of ASes.In BGP, a minor misbehavior of AS operators (e.g., intentional attack or unintentional misconfiguration) will cause routing anomaly (e.g., prefix hijack and path manipulation) in a large scale. However, existing solutions to enhance BGP security face the trade-off between robustness against failures and effectiveness in providing real-time and accurate detection.To break the trade-off, we propose HyperBGP, which exploits the decentralization and trustworthiness features of blockchain. We design a blockchain to validate the integrity of a routing path from its upstream ASes, so that BGP will operate functionally as long as more than a half of ASes are functional.To make HyperBGP deployable in practice, we introduce several design blocks to improve the scalability, facilitate deployment and reduce resource consumption of HyperBGP.We implement the prototype and evaluate its security and performance. Our results demonstrate that HyperBGP is robust and effective at securing inter-domain routing against route anomaly and incurs negligible cost in performance.

LI Song,ZHUGE Jian-Wei,LI Xing

DOI: https://doi.org/10.3724/sp.j.1001.2013.04346

2013-01-01

Journal of Software

Abstract:BGP is a core Internet routing protocol.The Internet inter-domain routing relies on the exchange of BGP routing information.BGP has significant vulnerabilities,which have been found to cause problems such as prefix hijacking,route leak and Internet-targeted denial of service attack.First,by analyzing BGP route propagation and BGP routing policies,the fundamental flaw in the design of the protocol is revealed.The paper then discusses possible threats to BGP and presents a route leak model,which contributes to the description of its characteristics.Second,the existing defense mechanisms for BGP security are generalized,and their shortcomings are exposed.The paper then classifies various BGP security-enhancing technologies and studies them in detail to explore their advantages and disadvantages.Finally,the research trends of BGP security are discussed in this paper.

Xiaoliang Wang,Zhuotao Liu,Qi Li,Yangfei Guo,Sitong Ling,Jiangou Zhan,Yi Xu,Ke Xu,Jianping Wu

2023-11-09

Abstract:The Internet inter-domain routing system is vulnerable. On the control plane, the de facto Border Gateway Protocol (BGP) does not have built-in mechanisms to authenticate routing announcements, so an adversary can announce virtually arbitrary paths to hijack network traffic; on the data plane, it is difficult to ensure that actual forwarding path complies with the control plane decisions. The community has proposed significant research to secure the routing system. Yet, existing secure BGP protocols (e.g., BGPsec) are not incrementally deployable, and existing path authorization protocols are not compatible with the current Internet routing infrastructure. In this paper, we propose FC-BGP, the first secure Internet inter-domain routing system that can simultaneously authenticate BGP announcements and validate data plane forwarding in an efficient and incrementally-deployable manner. FC-BGP is built upon a novel primitive, name Forwarding Commitment, to certify an AS's routing intent on its directly connected hops. We analyze the security benefits of FC-BGP in the Internet at different deployment rates. Further, we implement a prototype of FC-BGP and extensively evaluate it over a large-scale overlay network with 100 virtual machines deployed globally. The results demonstrate that FC-BGP saves roughly 55% of the overhead required to validate BGP announcements compared with BGPsec, and meanwhile FC-BGP introduces a small overhead for building a globally-consistent view on the desirable forwarding paths.

Networking and Internet Architecture

Lijun Wang,Ke Xu,Jianping Wu

DOI: https://doi.org/10.1007/11919568_44

2006-01-01

Abstract: The present Internet is not trustworthy, partially because the routing system forwards packets only according to destination IP address. Forged packets with mendacious source IP address will also be brought to the destination, which can be utilized to compromise the destination machine. In this paper, we propose to enhance BGP by adding Route Selection Notice functionality. With BGP Route Selection Notice, Autonomous Systems can validate the authenticity of incoming IP packets and filter out improper packets to make routing infrastructure offer support to trustworthy service. BGP Route Selection Notice does not impair the routing function of BGP and with proper design its bandwidth cost and convergence delay is acceptable which is proved by our simulation.

Yan Yang,Xingang Shi,Qiang Ma,Yahui Li,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1016/j.comnet.2022.108762

IF: 5.493

2022-01-01

Computer Networks

Abstract:Border Gateway Protocol (BGP), as the current de-facto routing protocol connecting various cooperating domains on the Internet, did not consider security when it was originally designed. With the expansion of the Internet, security is increasingly valued and many BGP enhancement mechanisms are proposed and experimented. Some of them like BGPsec have been standardized and promoted by the IETF. However, the deployment of these inter-domain secure routing mechanisms is subject to many economic and political restrictions. Consequently, there will be a long period of partial deployment, during which instability of BGP can be observed. Specifically, when some networks start deploying secure BGP mechanisms, they may be involved in some temporary or persistent route oscillations. In this paper, we systematically study the stability problem induced by partially deployed secure BGP mechanisms. We analyze the characteristics of topology and routing strategies when BGP oscillations will be introduced. In particular, we propose dispute chain, a derived structure of dispute wheel proposed in Griffin et al. (2002), to formally analyze this problem. Based on dispute chain, we analyze how different security adoption strategies can cause BGP oscillations under the general Gao–Rexford model. Our analysis shows that, even in a situation when there is no dispute wheel, dispute chains may widely appear, indicating that BGP oscillation problems will be introduced when security mechanisms are casually deployed, affecting the security and quality of inter-domain communications. To avoid possible oscillations, we also propose some deployment guidelines from different perspectives of the operator and the Internet, so that a wider deployment of security mechanisms will not blindly disrupt the Internet.

Qi Li,Xinwen Zhang,Xin Zhang,Purui Su

DOI: https://doi.org/10.1109/tdsc.2014.2345381

2015-01-01

Abstract:Border Gateway Protocol (BGP) is vulnerable to routing attacks because of the lack of inherent verification mechanism. Several secure BGP schemes have been proposed to prevent routing attacks by leveraging cryptographic verification of BGP routing updates. In this paper, we present a new type of attacks, called TIGER, which aims to invalidate the “proven” security of these secure BGP schemes and allow ASes to announce forged routes even under full deployment of any existing secure BGP proposal. By launching TIGER attacks, malicious ASes can easily generate and announce forged routes which can be successfully verified by the existing secure BGP schemes. Furthermore, TIGER attacks can evade existing routing anomaly detection schemes by guaranteeing routing data-plane availability and consistency of control- and data-plane. Toward a new securing BGP scheme, we propose Anti-TIGER to detect and defend against TIGER attacks. Anti-TIGER enables robust TIGER detection by collaborations between ASes. In particular, we leverage Spread Spectrum Communication technique to watermark certain special probing packets, which manifest the existence of TIGER attacks. Anti-TIGER does not require any modifications in routing data-plane, therefore it is easy to deploy and incrementally deployable. We evaluate the effectiveness of TIGER and Anti-TIGER by experiments with real AS topologies of the Internet. Our experiment results show that TIGER attacks can successfully hijack a considerable number of prefixes. In the meanwhile, Anti-TIGER can achieve 100 percent detection ratio of TIGER attacks.

Qi Li,Yih-Chun Hu,Xinwen Zhang

DOI: https://doi.org/10.14722/sent.2014.23001

2014-01-01

Abstract:The Border Gateway Protocol (BGP) suffers from numerous security vulnerabilities, which the BGPsec protocol is supposed to fix. In this paper, we argue that fundamental properties of BGP have inherent security vulnerabilities, and that a complete re-design of BGP is needed to achieve strong security guarantees.

Dan Pei,Lixia Zhang

2005-01-01

Abstract:At a fundamental level, all Internet applications rely on a dependable packet delivery service provided by the Internet routing system. However, measurements have shown that various faults (i.e., physical failures or misbehavior) occur from time to time in the Internet. For physical failures of routers or links, it takes existing Internet protocols 3 minutes on average to converge to alternative paths, resulting in interrupted packet delivery. For misbehavior (i.e., mis-configurations or malicious attacks) that could result in data traffic hijacking, current Internet routing protocols provide little defense. This dissertation studies how to build resilient Internet routing protocols to provide reliable packet delivery despite the faults in the context of Border Gateway Protocol (BGP). First, we evaluate the performance of the existing routing protocols in the face of physical failures, as measured by their ability to continue packet delivery service during routing convergence. Our results show that quickly propagating new reachability information has the most impact on the packet delivery performance. We also show that BGP's update rate-limiting timer is the major contributing factor to the duration of the transient loops. Second, to speed up BGP convergence and improve packet delivery, we propose the Root Cause Notification approach. This approach explicitly signals the failure information, which enables a node to invalidate all the paths that have become obsolete because of the same failure. It reduces the upper bound of BGP routing convergence delay from O(n) to O(d), where n is the number of nodes in a BGP network and d is the network diameter. We also develop a framework that enables us to fill the gaps in analytical results for existing convergence improvement algorithms. Third, we propose a novel semantic checking approach and develop mechanisms for detecting invalid paths in BGP and further identifying the attacker. In this approach, a node accumulates a network topology using the root cause in formation, path information in BGP message, and on-demand queries. A high detection ratio is achieved by comparing the received paths with the paths predicted based on the accumulated topology.

Henry Birge-Lee,Joel Wanner,Grace Cimaszewski,Jonghoon Kwon,Liang Wang,Francois Wirz,Prateek Mittal,Adrian Perrig,Yixin Sun

DOI: https://doi.org/10.48550/arXiv.2206.06879

2022-06-14

Networking and Internet Architecture

Abstract:Adversaries can exploit inter-domain routing vulnerabilities to intercept communication and compromise the security of critical Internet applications. Meanwhile the deployment of secure routing solutions such as Border Gateway Protocol Security (BGPsec) and Scalability, Control and Isolation On Next-generation networks (SCION) are still limited. How can we leverage emerging secure routing backbones and extend their security properties to the broader Internet? We design and deploy an architecture to bootstrap secure routing. Our key insight is to abstract the secure routing backbone as a virtual Autonomous System (AS), called Secure Backbone AS (SBAS). While SBAS appears as one AS to the Internet, it is a federated network where routes are exchanged between participants using a secure backbone. SBAS makes BGP announcements for its customers' IP prefixes at multiple locations (referred to as Points of Presence or PoPs) allowing traffic from non-participating hosts to be routed to a nearby SBAS PoP (where it is then routed over the secure backbone to the true prefix owner). In this manner, we are the first to integrate a federated secure non-BGP routing backbone with the BGP-speaking Internet. We present a real-world deployment of our architecture that uses SCIONLab to emulate the secure backbone and the PEERING framework to make BGP announcements to the Internet. A combination of real-world attacks and Internet-scale simulations shows that SBAS substantially reduces the threat of routing attacks. Finally, we survey network operators to better understand optimal governance and incentive models.

Guoqiang Zhang,Mingwei Xu,Jiang Li

DOI: https://doi.org/10.1109/IPCCC50635.2020.9391537

2020-01-01

Abstract:The Border Gateway Protocol (BGP) is the de facto standard interdomain routing protocol. A major problem affecting the operation of BGP is its failure to provide security guarantees. Despite some high-profile security extensions proposed, none of them has been largely deployed by Autonomous Systems (AS) in the global Internet. Previous studies show that three main factors hinder the adoption of BGP security solutions: limited benefits in partial deployment, computational overheads, and the trouble of coordinating among tens of thousands of independent ASes. In this paper, we present Neighbor Routes Validator (NRV), a lightweight prototype system of BGP security enhancement. Instead of depending on a single centralized authority, NRV focuses on neighboring ASes' self-driven collaborations that significantly reduce the scale of coordination. It aims to address real-world security issues of BGP and uses the privacy-preserving capability of Secure Multi-Party Computation (SMPC) to dispel ASes' privacy concerns. Security analyses and simulations demonstrate the feasibility of NRV, and we also argue that network operators have incentives to deploy it after weighing the pros and cons.

Zengyin Yang,Hewu Li,Qian Wu,Jianping Wu

DOI: https://doi.org/10.1109/pccc.2017.8280463

2017-01-01

Abstract:Future Space-Based Internet (FSBI) aims to provide global Internet access by interconnecting geosynchronous orbit (GEO), Medium Earth Orbit (MEO), Low Earth Orbit (LEO) satellites, and gateways on the ground. Border Gateway Protocol (BGP) is considered as a feasible routing protocol for interconnecting these independent facilities in FSBI. However, the vast Mobility-Related Topology Changes (MRTCs) in FSBI will put great stress on the BGP stability. We carry out a deep analysis on it and find that the routing updates of BGP will be triggered frequently. Many BGP routing updates will occur even before the accomplishment of previous updates and then the network will be instable for most of the time. To solve this problem, we build a Discrete-Time Topology Changes Aggregation (DT-TCA) scheme to improve BGP stability by making as many MRTCs as possible be triggered at the same time. Using a high-fidelity testbed and a virtualization-based emulator of FSBI, we show that DT-TCA dramatically improves the BGP stability in small-scale and large-scale scenarios.

Mingui Zhang,Bin Liu,Beichuan Zhang

DOI: https://doi.org/10.1109/infcom.2010.5462200

2010-01-01

Abstract:False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.

Jia-kun WANG,Lian-fang ZHANG,Zhao-peng MENG

DOI: https://doi.org/10.3969/j.issn.1002-2279.2006.03.010

2006-01-01

Microprocessors

Abstract:Border gateway protocol(BGP)is a kind of routing protocol which is widely used in inter-domain connection.its main function is exchange the reachable information between autonomy systems.BGP is a very robust and scalable routing protocol,as evidenced by the fact that BGP is the routing protocol employed on the Internet.To achieve scalability,BGP uses many route parameters,called attributes,to define routing policies and maintain a stable routing environment.this paper is a summary about the BGP,for example the problem of the security、route oscillation and so on,and the corresponding method of how to resolve it.

Li Qi,Xu Mingwei,Wu Jianping,Lee Patrick P. C.,Chiu Dah Ming

DOI: https://doi.org/10.1016/j.jpdc.2011.04.009

IF: 4.542

2011-01-01

Journal of Parallel and Distributed Computing

Abstract:The instability issues of the Border Gateway Protocol (BGP), such as route oscillations and path explorations, can decrease the performance of packet forwarding and place heavy workload on routers. While BGP instability has been extensively studied, existing solutions mainly solve individual instances of BGP instability. Thus, with the existing solutions, the route selection processes of ASes or routers may not realize the actual root cause of BGP instability and hence cannot effectively solve the BGP instability problem. In this paper, we propose a simple, integrated solution called stable BGP (stableBGP) that practically solve a general class of BGP instability issues, including route oscillations and path explorations. stableBGP seeks to adapt the route selection process to best address the root cause of route changes so that the route selection process can quickly stabilize. We formally prove that stableBGP can achieve BGP stability. Extensive simulation results show that in the link failure scenario, stableBGP significantly reduces the number of route changes, the convergence time, and the number of route update messages when compared to prior solutions. We also analyze the performance of stableBGP when it is partially deployed. Our work provides insights into developing a practical solution that addresses the BGP instability problem.

Zhonghui Li,Jilong Wang,Bin Tian

DOI: https://doi.org/10.1109/bmei.2010.5639308

2010-01-01

Abstract:As a result of the independence, opacity and complication of inter-domain routing policy deployment among different ASes, negative impact on global Internet might be introduced. By presenting one case occurred in TEIN2 backbone, we point out the potential performance and stability problems caused by inappropriate policy design and amendment, which might cause side effect on particular application, e.g. telemedicine. After studying the related works on inter-domain routing policy, we propose a distributed system, BGP-Grid, for BGP policy simulation and evaluation. Through the collaboration among participant ASes over BGP-Grid, the bi-directional performance outcome of routing policy design and amendment can be simulated and evaluated before deploying to actual routers, which allow us to find and solve any potential problem inside the policy in advance. According to the results of evaluation experiments, the effectiveness of optimization for overall performance based on BGP-Grid is confirmed.

Pang-Wei Tsai,Aris Cahyadi Risdianto,Meng Hui Choi,Satis Kumar Permal,Teck Chaw Ling

DOI: https://doi.org/10.3390/fi13070171

2021-06-30

Future Internet

Abstract:In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a lack of insurance in validating authority for announcing network layer reachability. Therefore, a distributed repository system known as Resource Public Key Infrastructure (RPKI) has been utilized to mitigate this issue. However, such a validation requires further deployment steps for Autonomous System (AS), and it might cause performance and compatibility problems in legacy network infrastructure. Nevertheless, with recent advancements in network innovation, some traditional networks are planning to be restructured with Software-Defined Networking (SDN) technology for gaining more benefits. By using SDN, Internet eXchange Point (IXP) is able to enhance its capability of management by applying softwarized control methods, acting as a Software-Defined eXchange (SDX) center to handle numerous advertisement adaptively. To use the SDN method to strengthen routing security of IXP, this paper proposed an alternative SDX development, SD-BROV, an SDX-based BGP Route Origin Validation mechanism that establishes a flexible route exchange scenario with RPKI validation. The validating application built in the SDN controller is capable of investigating received routing information. It aims to support hybrid SDN environments and help non-SDN BGP neighbors to get trusted routes and drop suspicious ones in transition. To verify proposed idea with emulated environment, the proof-of-concept development is deployed on an SDN testbed running over Research and Education Networks (RENs). During BGP hijacking experiment, the results show that developed SD-BROV is able to detect and stop legitimate traffic to be redirected by attacker, making approach to secure traffic forwarding on BGP routers.