XL Zhao,D Pei,L Wang,D Massey,A Mankin,SF Wu,LX Zhang

DOI: https://doi.org/10.1109/dsn.2002.1028887

2002-01-01

Abstract:Network measurement has shown that a specific IP address prefix may be announced by more than one autonomous system (AS), a phenomenon commonly referred to as Multiple Origin AS, or MOAS. MOAS can be due to either operational need to support multi-homing, or false route announcements due to configuration or implementation errors, or even by intentional attacks. Packets following such bogus routes will be either dropped or, in the case of an intentional attack, delivered to a machine of the attacker's choosing.This paper presents a protocol enhancement to BGP which enables BGP to detect bogus route announcements from false origins. Rather than imposing cryptography-based authentication and encryption to secure routing message exchanges, our solution makes use of the rich connectivity among ASes that exists in the Internet. Simulation results show that this simple solution can effectively detect false routing announcements even in the presence of multiple compromised routers, become more robust in larger topologies, and can substantially reduce the impact of false routing announcements even with a partial deployment.

Wenjie Xu,Deliang Chang,Xing Li

2019-01-01

Abstract:BGP is the default inter-domain routing protocol in today's Internet, but has serious security vulnerabilities [1]. One of them is (sub)prefix hijacking. IETF standardizes RPKI to validate the AS origin but RPKI has a lot of problems [2] [3] [4] [5], among which is potential false alarm. Although some previous work [4] [2] points it out explicitly or implicitly, further measurement and analysis remain to be done. Our work measures and analyzes the invalid prefixes systematically. We first classify the invalid prefixes into six different types and then analyze their stability. We show that a large proportion of the invalid prefixes very likely result from traffic engineering, IP address transfer and failing to aggregate rather than real hijackings.

Yan Yang,Xingang Shi,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1109/trustcom.2016.0068

2016-01-01

Abstract:The correct functioning of inter-domain routing is of vital importance to the ever expanding Internet. As a common threat to the Internet, prefix hijackings often hijack traffic destined to some Autonomous Systems(ASes), leading to routing black holes or traffic interception. In this paper, we study two typical categories of prefix hijackings, namely false origin hijacking and man-in-the-middle interception, by extensive simulations. Our simulations are based on a new model which takes both the hierarchical Internet structure and the AS connectivity degrees into consideration. With this model, we explore the attacking/hijacking power of different ASes and their resisting power to this attack, where different categories of hijackings exhibit different characteristics. In addition, we also confirm that our results still hold considering various factors in the real Internet, including hidden links, prefix distribution, and RPKI, a countermeasure to prefix hijackings that is undergoing an active deployment in inter-domain routing. Some explanations and case studies are given to help better understanding of our results, which we hope will facilitate the deployment of RPKI and inspire new research.

Peng Su,Zhengping Wu

DOI: https://doi.org/10.1007/978-90-481-9151-2_90

2010-01-01

Abstract:Although Border Gateway Protocol (BGP) is broadly used among autonomous systems (ASes), the topology of peer autonomous systems is often mysterious to some Internet Service Providers (ISPs) or administrative domains. With unknown routing policies of BGP neighbors and their uplink ASes, it is uneasy to make a proper design when building a multihoming environment. Sometimes it may even cause congestion problems. Some mistakenly announced prefixes of ASes over the Internet will continuously increase routing table and deteriorate policy-based routing. This paper analyzes the adjacency relationships of ASes over the entire Internet and their announced prefixes. Using this information, our prototype system can automatically identify the more appropriate access point for individual ASes, depict the relations among ASes, and provide decision support to manage the improper address spaces over the Internet.

Meng Meng,Ruijuan Zheng,Ruxi Peng,Junlong Zhu,Mingchuan Zhang,Qingtao Wu

DOI: https://doi.org/10.1016/j.robot.2020.103556

IF: 3.7

2020-01-01

Robotics and Autonomous Systems

Abstract:In human–robot cooperation, the information interaction plays a key role. Most of the information interaction rely on Border Gateway Protocol (BGP), which is a vital route protocol on networks. However, the BGP is susceptible to the prefix interception attacks because the rightful origin of each prefix cannot be verified in BGP. For this reason, we propose a novel and effective route selection method against prefix interception attacks, which combines the resilience of routers and the historical performance of routers to choose a secure route. Moreover, we estimate the performance of BGP by introducing the definition of resilience and the historical performance of routers via online learning against the prefix interception attack. Furthermore, we analyze the bound of regret and obtain O(T) regret, where T denotes the time horizon. In addition, the proposed method is verified both on synthetic data and network simulations. The results show that the proposed method has more resilience against prefix interception attacks than Counter-Raptor.

Xingang Shi,Yang Xiang,Zhiliang Wang,Xia Yin,Jianping Wu

DOI: https://doi.org/10.1145/2398776.2398779

2012-01-01

Abstract:Border Gateway Protocol (BGP) plays a critical role in the Internet inter-domain routing reliability. Invalid routes generated by mis-configurations or forged by malicious attacks may hijack the traffic and devastate the Internet routing system, but it is unlikely that a secure BGP can be deployed in the near future to completely prevent them. Although many hijacking detection systems have been developed, they more or less have weaknesses such as long detection delay, high false alarm rate and deployment difficulty, and no systematic detection results have been studied. This paper proposes Argus, an agile system that can accurately detect prefix hijackings and deduce the underlying cause of route anomalies in a very fast way. Argus is based on correlating the control and data plane information closely and pervasively, and has been continuously monitoring the Internet for more than one year. During this period, around 40K routing anomalies were detected, from which 220 stable prefix hijackings were identified. Our analysis on these events shows that, hijackings that have only been theoretically studied before do exist in the Internet. Although the frequency of new hijackings is nearly stable, more specific prefixes are hijacked more frequently. Around 20% of the hijackings last less than ten minutes, and some can pollute 90% of the Internet in less than two minutes. These characteristics make \emph{Argus} especially useful in practice. We further analyze some representative cases in detail to help increase the understanding of prefix hijackings in the Internet.

Yu Zhang,Ricardo Oliveira,Hongli Zhang,Lixia Zhang

DOI: https://doi.org/10.1007/978-3-642-12334-4_10

2010-01-01

Abstract:Although traceroute has the potential to discover AS links that are invisible to existing BGP monitors, it is well known that the common approach for mapping router IP address to AS number (IP2AS) based on the longest prefix matching is highly error-prone. In this paper we conduct a systematic investigation into the potential errors of the IP2AS mapping for AS topology inference. In comparing traceroute-derived AS paths and BGP AS paths, we take a novel approach of identifying mismatch fragments between each path pair. We then identify the origin and cause of each mismatch with a systematic set of tests based on publicly available data sets. Our results show that about 60% of mismatches are due to IF address sharing between peering BGP routers in neighboring ASes, and only about 14% of the mismatches are caused by the presence of IXPs, siblings, or prefixes with multiple origin ASes. This result helps clarify an argument that comes from previous work regarding the major cause of errors in converting traceroute paths to AS paths. Our results also show that between 16% and 47% of AS adjacencies in two public repositories for traceroute-derived topology are false.

Yan Yang,Xia Yin,Xingang Shi,Zhiliang Wang,Jiong He,Tom Z. J. Fu,Marianne Winslett

DOI: https://doi.org/10.1016/j.comnet.2019.06.017

IF: 5.493

2019-01-01

Computer Networks

Abstract:As autonomous systems tend to forward packets along the path with minimal routing cost, Internet routes are unevenly distributed on physical links. Links which a large number of routes go through are called routing bottlenecks. Flooding such routing bottlenecks can degrade or even cut off the network connectivity in a large area, making them a serious vulnerability of the Internet. In this paper, we study the characteristics of inter-domain routing bottlenecks and point out that they can be further aggravated by manipulating BGP updates to launch prefix hijackings. We first simulate large quantities of AS-level routing paths to illustrate the pervasiveness of inter-domain routing bottlenecks, as well as their direction, topological location, distance and concentration. Then, we propose a method for measuring and aggravating inter-domain bottlenecks of some AS, such that link flooding on them can be effectively amplified in a stealthy way. Moreover, adversary can adjust the specific method according to its purpose of malicious behaviour. At last, we discuss how inter-domain routing bottlenecks may be affected as the Internet evolves, where we witness the new, or wider, deployment of some routing related mechanisms.

Lijun Wang,Ke Xu,Jianping Wu

DOI: https://doi.org/10.1007/11919568_44

2006-01-01

Abstract: The present Internet is not trustworthy, partially because the routing system forwards packets only according to destination IP address. Forged packets with mendacious source IP address will also be brought to the destination, which can be utilized to compromise the destination machine. In this paper, we propose to enhance BGP by adding Route Selection Notice functionality. With BGP Route Selection Notice, Autonomous Systems can validate the authenticity of incoming IP packets and filter out improper packets to make routing infrastructure offer support to trustworthy service. BGP Route Selection Notice does not impair the routing function of BGP and with proper design its bandwidth cost and convergence delay is acceptable which is proved by our simulation.

Pekka Rantala,Seppo Virtanen,Jouni Isoaho

DOI: https://doi.org/10.5121/ijcnc.2011.3301

2011-05-27

Abstract:The current Internet is based on a fundamental assumption of reliability and good intent among actors in the network. Unfortunately, unreliable and malicious behaviour is becoming a major obstacle for Internet communication. In order to improve the trustworthiness and reliability of the network infrastructure, we propose a novel trust model to be incorporated into BGP routing. In our approach, trust model is defined by combining voting and recommendation to direct trust estimation for neighbour routers located in different autonomous systems. We illustrate the impact of our approach with cases that demonstrate the indication of distrusted paths beyond the nearest neighbours and the detection of a distrusted neighbour advertising a trusted path. We simulated the impact of weighting voted and direct trust in a rectangular grid of 15*15 nodes (autonomous systems) with a randomly connected topology.

Networking and Internet Architecture

Yang Xiang,Xingang Shi,Jianping Wu,Zhiliang Wang,Xia Yin

DOI: https://doi.org/10.1016/j.comnet.2012.11.019

2012-01-01

Abstract:The inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system, but forged routes generated by malicious attacks or mis-configurations may devastate the system. The security problem of BGP has attracted considerable attention, and although several solutions have been proposed, none of them have been widely deployed due to weaknesses such as high computational cost or potential security compromise. This paper proposes Fast Secure BGP (FS-BGP), an efficient mechanism for securing AS paths and preventing prefix hijacking by signing critical AS path segments. We prove that FS-BGP can achieve a similar level of security as S-BGP, but with much higher efficiency. Our experiments use BGP UPDATE data collected from real backbone routers. Compared with S-BGP, FS-BGP only requires a very small cache, and can reduce the cost of signing and verification by orders of magnitude. Indeed, the signing and verification can be accomplished as fast as the most bursty BGP UPDATE arrivals, which implies that FS-BGP will hardly delay the propagation of routing information.

Yu Zhang,Ricardo Oliveira,Yangyang Wang,Shen Su,Baobao Zhang,Jun Bi,Hongli Zhang,Lixia Zhang

DOI: https://doi.org/10.1109/jsac.2011.111007

IF: 16.4

2011-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Although traceroute has the potential to discover AS links that are invisible to existing BGP monitors, it is well known that the common approach for mapping router IP addresses to AS numbers based on BGP routing tables is highly error-prone. We develop a systematic framework to quantify the potential errors of traceroute measurement in AS-level topology inference. In comparing traceroute-derived AS paths with BGP AS paths, we take a novel approach to identifying mismatched path segments and then inferring the causes of these mismatches through a set of tests. Our results show that about 60% of mismatches are due to routers using IP addresses belonging to peering neighbors. This result helps settle a debate in previous works regarding the major cause of errors in traceroute measurement. With the approximate ground truth of the ASes with BGP monitors inside, we identify the inaccuracy of publicly available traceroute-derived topology datasets and find that between 8% and 42% of AS adjacencies on the monitored ASes are false. With a new method to characterize AS links, we show that the derived (false) links between Tier-1/large ISPs and their customers' customers appear more frequently than real links do.

Meng Meng,Ruijuan Zheng,Mingchuan Zhang,Junlong Zhu,Qingtao Wu

DOI: https://doi.org/10.1007/978-3-030-38961-1_12

2019-01-01

Abstract:The Border Gateway Protocol (BGP) is a vital protocol on the Internet. However, the BGP is susceptible against the prefix interception attack, how to seek a secure route against prefix interception attacks is an important problem. For this reason, we propose a novel and effective router selection method on the Internet. First, we evaluate resilience of autonomous systems against prefix interception attacks. Second, we evaluate security risk of next-hop routers and we also obtain the historical performance of next-hop routers via online learning. Finally, we compromise the two performance metrics of routers' resilience and historical performance to choose a secure route. Our method is verified by network simulations. The results show that the proposed method has more resilience against prefix interception attacks.

Qi Li,Mingwei Xu,Jianping Wu,Xinwen Zhang,Patrick P. C. Lee,Ke Xu

DOI: https://doi.org/10.1109/tifs.2011.2177822

IF: 7.231

2011-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The weak trust model in Border Gateway Protocol (BGP) introduces severe vulnerabilities for Internet routing including active malicious attacks and unintended misconfigurations. Although various secure BGP solutions have been proposed, the complexity of security enforcement and data-plane attacks still remain open problems. We propose TBGP, a trusted BGP scheme aiming to achieve high authenticity of Internet routing with a simple and lightweight attestation mechanism. TBGP introduces a set of route update and withdrawal rules that, if correctly enforced by each router, can guarantee the authenticity and integrity of route information that is announced to other routers in the Internet. To verify this enforcement, an attestation service running on each router provides interfaces for a neighboring router to challenge the integrity of its routing stack, enforced rules, and the attestation service itself. If this attestation succeeds, the neighboring router updates its routing table or announces the route to its neighbors, following the same rules. Thus, a router on a routing path only needs to verify one neighbor's routing status to ensure that the route information is valid. Through this, TBGP builds a transitive trust relationship among all routers on a routing path. We implement a prototype of TBGP to investigate its practicality. In our implementation, we use identity-based signature and trusted computing techniques to further reduce the complexity of security operations. Our security analysis and performance study shows that TBGP can achieve the security goals of BGP with significantly better convergence performance and lower computation overhead than existing secure BGP solutions.

Dan Pei,Lixia Zhang

2005-01-01

Abstract:At a fundamental level, all Internet applications rely on a dependable packet delivery service provided by the Internet routing system. However, measurements have shown that various faults (i.e., physical failures or misbehavior) occur from time to time in the Internet. For physical failures of routers or links, it takes existing Internet protocols 3 minutes on average to converge to alternative paths, resulting in interrupted packet delivery. For misbehavior (i.e., mis-configurations or malicious attacks) that could result in data traffic hijacking, current Internet routing protocols provide little defense. This dissertation studies how to build resilient Internet routing protocols to provide reliable packet delivery despite the faults in the context of Border Gateway Protocol (BGP). First, we evaluate the performance of the existing routing protocols in the face of physical failures, as measured by their ability to continue packet delivery service during routing convergence. Our results show that quickly propagating new reachability information has the most impact on the packet delivery performance. We also show that BGP's update rate-limiting timer is the major contributing factor to the duration of the transient loops. Second, to speed up BGP convergence and improve packet delivery, we propose the Root Cause Notification approach. This approach explicitly signals the failure information, which enables a node to invalidate all the paths that have become obsolete because of the same failure. It reduces the upper bound of BGP routing convergence delay from O(n) to O(d), where n is the number of nodes in a BGP network and d is the network diameter. We also develop a framework that enables us to fill the gaps in analytical results for existing convergence improvement algorithms. Third, we propose a novel semantic checking approach and develop mechanisms for detecting invalid paths in BGP and further identifying the attacker. In this approach, a node accumulates a network topology using the root cause in formation, path information in BGP message, and on-demand queries. A high detection ratio is achieved by comparing the received paths with the paths predicted based on the accumulated topology.

WANG Bin,AN Jin-liang,WU Chun-ming,LAN Ju-long

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.05.012

2012-01-01

Journal of Communications

Abstract:A new approach was studied for BGP security:SE-BGP.By analyzing the security of SE-BGP,was found it had some secure leaks which couldnt resist active attack.To solve these secure problems of SE-BGP,an AS-alliance-based secure BGP scheme :SA-BGP was proposed,which used the aggregate signatures algorithm based on RSA.The SA-BGP has strong ability of security that can effectively verify the propriety of IP prefix origination and verifies the validity of an AS to announce network layer reachability information (NLRI).SA-BGP can large-scale reduced the number of the used certificates.Performance evaluation results that SA-BGP can be implemented efficiently and the incurred overhead,in terms of time and space,ptable in practice.

Tomas Hlavacek,Haya Shulman,Niklas Vogel,Michael Waidner

2023-03-21

Abstract:IP prefix hijacks allow adversaries to redirect and intercept traffic, posing a threat to the stability and security of the Internet. To prevent prefix hijacks, networks should deploy RPKI and filter bogus BGP announcements with invalid routes. In this work we evaluate the impact of RPKI deployments on the security and resilience of the Internet. We aim to understand which networks filter invalid routes and how effective that filtering is in blocking prefix hijacks. We extend previous data acquisition and analysis methodologies to obtain more accurate identification of networks that filter invalid routes with RPKI. We find that more than 27% of networks enforce RPKI filtering and show for the first time that deployments follow the business incentives of inter-domain routing: providers have an increased motivation to filter in order to avoid losing customers' traffic. Analyzing the effectiveness of RPKI, we find that the current trend to deploy RPKI on routeservers of Internet Exchange Points (IXPs) only provides a localized protection against hijacks but has negligible impact on preventing their spread globally. In contrast, we show that RPKI filtering in Tier-1 providers greatly benefits the security of the Internet as it limits the spread of hijacks to a localized scope. Based on our observations, we provide recommendations on the future roadmap of RPKI deployment. We make our datasets available for public use [<a class="link-external link-https" href="https://sit4.me/rpki" rel="external noopener nofollow">this https URL</a>].

Networking and Internet Architecture,Cryptography and Security

Weiyi Liu,Qing Jiang,Gaolei Fei,Mingkai Yuan,Guangmin Hu

DOI: https://doi.org/10.48550/arxiv.1512.03916

2015-01-01

Abstract:In the last decade many works has been done on the Internet topology at router or autonomous system (AS) level. As routers is the essential composition of ASes while ASes dominate the behavior of their routers. It is no doubt that identifying the affiliation between routers and ASes can let us gain a deeper understanding on the topology. However, the existing methods that assign a router to an AS just based on the origin ASes of its IP addresses, which does not make full use of information in our hand. In this paper, we propose a methodology to assign routers to their owner ASes based on community discovery tech. First, we use the origin ASes information along with router-pairs similarities to construct a weighted router level topology, secondly, for enormous topology data (more than 2M nodes and 19M edges) from CAIDA ITDK project, we propose a fast hierarchy clustering which time and space complex are both linear to do ASes community discovery, last we do router-to-AS mapping based on these ASes communities. Experiments show that combining with ASes communities our methodology discovers, the best accuracy rate of router-to-AS mapping can reach to 82.62 that stagnate on 65.44

Sun Letong,Shi Xingang,Han Fengyan,Yin Xia,Wang Zhiliang,Zhang Han

2024-01-21

Abstract:In inter-domain routing, a packet is not always forwarded along the Autonomous System (AS) level path determined by the BGP routing protocol. This is often called control-plane and data-plane (CD) mismatch, which allows for flexible traffic control, but also leads to operation and security issues. We systematically analyze this phenomenon with path pairs collected from 128 pairs of vantage points over more than 5 years, and use multiple IP-to-AS mapping methods to compare CD paths. What is interesting is that, working at such a large scale in turn helps us design a novel method to fairly evaluate the accuracy of various existing mapping methods, and further develop a new mapping method, i.e., LearnToCorrect, that can correct more than 70\% mapping errors of the state-of-the-art one. Then we devise to identify real mismatches with LearnToCorrect, and estimate that the real-mismatch ratio in the wild is typically less than 6\%. At last, we use our proposed methods to detect routing security issues, which are previously difficult to accurately find out.

Networking and Internet Architecture

Song Li,Haixin Duan,Zhiliang Wang,Jinjin Liang,Xing Li

DOI: https://doi.org/10.1007/s11432-015-5490-8

2016-01-01

Science China Information Sciences

Abstract:Previous research in interdomain routing security has often focused on prefix hijacking. However,several prefix interception events have happened lately, which poses a new security challenge to the interdomain routing system. Compared to prefix hijacking, prefix interception is much harder to detect, as it avoids black hole by forwarding the hijacked traffic back to the victim. In this paper, we present a novel method to detect prefix interception. Our approach exploits a key observation about prefix interception: during a prefix interception event, the attacker detours the intercepted traffic through its network, which turns it into a new important"transit point" for access to the victim. By collecting data plane information to detect the emerging "transit point" and using control plane information to verify it, our scheme can identify prefix interception in real time.The results of Internet experiments and Internet-scale simulations show that our method is accurate with low false alarm rate(0.28%) and false negative rate(2.26%).