Yi GUO,Haixin DUAN,Liancheng ZHANG,Han QIU

DOI: https://doi.org/10.1360/n112016-00160

2017-01-01

Abstract:BGP (border gateway protocol) based inter-domain routing systems play an important role in the Internet. However, the BGP has certain design flaws, which result in many serious security problems for inter-domain routing systems. Compared to traditional attacks, such as prefix hijacking, large-scale LDoS attacks against inter-domain routing systems are extremely hard to detect, which is reflected in its attack traffic and reactions appearing to be legal. The concealment of such attacks makes existing security solutions insufficient. In this paper, we first analyze the feasibility of utilizing similarity theory for assessing the security situations in inter-domain routing systems. We then propose a similarity-theory-based method for evaluating the security situations in inter-domain routing systems. It uses multiple characteristics to describe the system security situation collectively and evaluates the security situation by measuring the deviation degree of the security characteristics to their norms. Because the ability of each characteristic to represent different attacks is not the same, we make use of weighted similarity to assess the deviation of the fusion characteristics from their normal state at various times. Experimental results show that our method can perceive threats in their early stages, regardless of an inter-domain routing system suffering from control plan attacks or data plan attacks.

Bin Wang,Yunfei Guo,Julong Lan,Chunming Wu

DOI: https://doi.org/10.6138/jit.2010.11.5.09

2010-01-01

Abstract:The distance vector routing protocol is not able to deal with network failures effectively, which results a significant forwarding discontinuity after a failure. In order to improve the failure resiliency without jeopardizing routing stability, a fast network self-healing mechanism for the distance vector routing protocol (FS-DVP) is proposed. The new mechanism uses a reactive failure recovery strategy. Every node prepares multiple feasible next hops per destination. When nodes find the next hops unreachable, they will choose the best next hops from the set of backup next hops to forwarding data. Furthermore, FS-DVP uses the stability-based triggered routing update mechanism in the suppression of its failure notification for providing better stability for network. Finally, FS-DVP is applied to Routing Information Protocol (RIP), and the simulation performance show that it can effectively deal with the simultaneous failures of multiple arbitrary links and improve stability and availability of networks.

Xiaoliang Wang,Zhuotao Liu,Qi Li,Yangfei Guo,Sitong Ling,Jiangou Zhan,Yi Xu,Ke Xu,Jianping Wu

2023-11-09

Abstract:The Internet inter-domain routing system is vulnerable. On the control plane, the de facto Border Gateway Protocol (BGP) does not have built-in mechanisms to authenticate routing announcements, so an adversary can announce virtually arbitrary paths to hijack network traffic; on the data plane, it is difficult to ensure that actual forwarding path complies with the control plane decisions. The community has proposed significant research to secure the routing system. Yet, existing secure BGP protocols (e.g., BGPsec) are not incrementally deployable, and existing path authorization protocols are not compatible with the current Internet routing infrastructure. In this paper, we propose FC-BGP, the first secure Internet inter-domain routing system that can simultaneously authenticate BGP announcements and validate data plane forwarding in an efficient and incrementally-deployable manner. FC-BGP is built upon a novel primitive, name Forwarding Commitment, to certify an AS's routing intent on its directly connected hops. We analyze the security benefits of FC-BGP in the Internet at different deployment rates. Further, we implement a prototype of FC-BGP and extensively evaluate it over a large-scale overlay network with 100 virtual machines deployed globally. The results demonstrate that FC-BGP saves roughly 55% of the overhead required to validate BGP announcements compared with BGPsec, and meanwhile FC-BGP introduces a small overhead for building a globally-consistent view on the desirable forwarding paths.

Networking and Internet Architecture

XL Zhao,D Pei,L Wang,D Massey,A Mankin,SF Wu,LX Zhang

DOI: https://doi.org/10.1109/dsn.2002.1028887

2002-01-01

Abstract:Network measurement has shown that a specific IP address prefix may be announced by more than one autonomous system (AS), a phenomenon commonly referred to as Multiple Origin AS, or MOAS. MOAS can be due to either operational need to support multi-homing, or false route announcements due to configuration or implementation errors, or even by intentional attacks. Packets following such bogus routes will be either dropped or, in the case of an intentional attack, delivered to a machine of the attacker's choosing.This paper presents a protocol enhancement to BGP which enables BGP to detect bogus route announcements from false origins. Rather than imposing cryptography-based authentication and encryption to secure routing message exchanges, our solution makes use of the rich connectivity among ASes that exists in the Internet. Simulation results show that this simple solution can effectively detect false routing announcements even in the presence of multiple compromised routers, become more robust in larger topologies, and can substantially reduce the impact of false routing announcements even with a partial deployment.

Meng Meng,Ruijuan Zheng,Mingchuan Zhang,Junlong Zhu,Qingtao Wu

DOI: https://doi.org/10.1007/978-3-030-38961-1_12

2019-01-01

Abstract:The Border Gateway Protocol (BGP) is a vital protocol on the Internet. However, the BGP is susceptible against the prefix interception attack, how to seek a secure route against prefix interception attacks is an important problem. For this reason, we propose a novel and effective router selection method on the Internet. First, we evaluate resilience of autonomous systems against prefix interception attacks. Second, we evaluate security risk of next-hop routers and we also obtain the historical performance of next-hop routers via online learning. Finally, we compromise the two performance metrics of routers' resilience and historical performance to choose a secure route. Our method is verified by network simulations. The results show that the proposed method has more resilience against prefix interception attacks.

Yi Guo,Haixin Duan,Jikun Chen,Fu Miao

DOI: https://doi.org/10.1016/j.comnet.2016.09.017

IF: 5.493

2016-01-01

Computer Networks

Abstract:The BGP-based inter-domain routing system plays an important role in the Internet. However, the BGP has some design flaws, which result in many serious security problems for the inter-domain routing system. Recently there has been a new kind of LDoS attack against BGP sessions from data plane. Compared to traditional control plane threats, such as prefix hijacking, the new attack, BGP-LDoS exploits the vulnerability of adaptive mechanism of BGP and would trigger a wild range of cascading failure in inter domain routing system. Unfortunately, existing methods are difficult to detect this threat. To end this, we propose a method based on adaptive fusion of multi features to perceive security threats of inter domain routing system. Several statistics attributes of BGP routing information are firstly chosen to be security features. Then we establish a normal state sub-model for each security features and fuse them together to describe the normal state of the system by linear weighting. Since the fusion model represents the system security state very well, we can obtain the threat probability by computing the deviation of security features from their normal values. The experimental results show that the method can perceive not only control plane threats but also data plane threats of inter domain routing system.

Yang Xiang,Xingang Shi,Jianping Wu,Zhiliang Wang,Xia Yin

DOI: https://doi.org/10.1016/j.comnet.2012.11.019

2012-01-01

Abstract:The inter-domain routing protocol, Border Gateway Protocol (BGP), plays a critical role in the reliability of the Internet routing system, but forged routes generated by malicious attacks or mis-configurations may devastate the system. The security problem of BGP has attracted considerable attention, and although several solutions have been proposed, none of them have been widely deployed due to weaknesses such as high computational cost or potential security compromise. This paper proposes Fast Secure BGP (FS-BGP), an efficient mechanism for securing AS paths and preventing prefix hijacking by signing critical AS path segments. We prove that FS-BGP can achieve a similar level of security as S-BGP, but with much higher efficiency. Our experiments use BGP UPDATE data collected from real backbone routers. Compared with S-BGP, FS-BGP only requires a very small cache, and can reduce the cost of signing and verification by orders of magnitude. Indeed, the signing and verification can be accomplished as fast as the most bursty BGP UPDATE arrivals, which implies that FS-BGP will hardly delay the propagation of routing information.

Dan Pei,Lixia Zhang

2005-01-01

Abstract:At a fundamental level, all Internet applications rely on a dependable packet delivery service provided by the Internet routing system. However, measurements have shown that various faults (i.e., physical failures or misbehavior) occur from time to time in the Internet. For physical failures of routers or links, it takes existing Internet protocols 3 minutes on average to converge to alternative paths, resulting in interrupted packet delivery. For misbehavior (i.e., mis-configurations or malicious attacks) that could result in data traffic hijacking, current Internet routing protocols provide little defense. This dissertation studies how to build resilient Internet routing protocols to provide reliable packet delivery despite the faults in the context of Border Gateway Protocol (BGP). First, we evaluate the performance of the existing routing protocols in the face of physical failures, as measured by their ability to continue packet delivery service during routing convergence. Our results show that quickly propagating new reachability information has the most impact on the packet delivery performance. We also show that BGP's update rate-limiting timer is the major contributing factor to the duration of the transient loops. Second, to speed up BGP convergence and improve packet delivery, we propose the Root Cause Notification approach. This approach explicitly signals the failure information, which enables a node to invalidate all the paths that have become obsolete because of the same failure. It reduces the upper bound of BGP routing convergence delay from O(n) to O(d), where n is the number of nodes in a BGP network and d is the network diameter. We also develop a framework that enables us to fill the gaps in analytical results for existing convergence improvement algorithms. Third, we propose a novel semantic checking approach and develop mechanisms for detecting invalid paths in BGP and further identifying the attacker. In this approach, a node accumulates a network topology using the root cause in formation, path information in BGP message, and on-demand queries. A high detection ratio is achieved by comparing the received paths with the paths predicted based on the accumulated topology.

Lijun Wang,Ke Xu,Jianping Wu

DOI: https://doi.org/10.1007/11919568_44

2006-01-01

Abstract: The present Internet is not trustworthy, partially because the routing system forwards packets only according to destination IP address. Forged packets with mendacious source IP address will also be brought to the destination, which can be utilized to compromise the destination machine. In this paper, we propose to enhance BGP by adding Route Selection Notice functionality. With BGP Route Selection Notice, Autonomous Systems can validate the authenticity of incoming IP packets and filter out improper packets to make routing infrastructure offer support to trustworthy service. BGP Route Selection Notice does not impair the routing function of BGP and with proper design its bandwidth cost and convergence delay is acceptable which is proved by our simulation.

Yi Guo,Zhenxing Wang,Shaopeng Luo,Yu Wang

DOI: https://doi.org/10.1002/dac.1307

2011-07-27

International Journal of Communication Systems

Abstract:SUMMARY There have been many researches on border gateway protocol (BGP) security, most of which mainly focused on how to enhance the security of the BGP protocol or the interdomain routing system. However, few works studied the vulnerabilities especially the production mechanism of security events in the interdomain routing system. It takes many obstacles to understand and improve the security of the interdomain routing system. This paper explores the cascading failure phenomenon of the interdomain routing system. First, we devise a state machine to describe the state transition of BGP nodes and then give a detailed analysis of the BGP failure. Second, on the basis of the preferential attachment characteristic, we propose a cascading failure model for the interdomain routing system, which depicts the production mechanism of cascading failure, and introduce two evaluating indicators, the proportion of failed nodes and the proportion of failed links, to assess the scale of cascading failure. Furthermore, we apply the cascading failure model to display two different cascading failure scenes. The experimental results show that random failure has less influence on the interdomain routing system, while its robustness against hostile attack is weak. Copyright ©2011 John Wiley & Sons, Ltd.

telecommunications,engineering, electrical & electronic

Guoqiang Zhang,Mingwei Xu,Jiang Li

DOI: https://doi.org/10.1109/IPCCC50635.2020.9391537

2020-01-01

Abstract:The Border Gateway Protocol (BGP) is the de facto standard interdomain routing protocol. A major problem affecting the operation of BGP is its failure to provide security guarantees. Despite some high-profile security extensions proposed, none of them has been largely deployed by Autonomous Systems (AS) in the global Internet. Previous studies show that three main factors hinder the adoption of BGP security solutions: limited benefits in partial deployment, computational overheads, and the trouble of coordinating among tens of thousands of independent ASes. In this paper, we present Neighbor Routes Validator (NRV), a lightweight prototype system of BGP security enhancement. Instead of depending on a single centralized authority, NRV focuses on neighboring ASes' self-driven collaborations that significantly reduce the scale of coordination. It aims to address real-world security issues of BGP and uses the privacy-preserving capability of Secure Multi-Party Computation (SMPC) to dispel ASes' privacy concerns. Security analyses and simulations demonstrate the feasibility of NRV, and we also argue that network operators have incentives to deploy it after weighing the pros and cons.

Sun Letong,Shi Xingang,Han Fengyan,Yin Xia,Wang Zhiliang,Zhang Han

2024-01-21

Abstract:In inter-domain routing, a packet is not always forwarded along the Autonomous System (AS) level path determined by the BGP routing protocol. This is often called control-plane and data-plane (CD) mismatch, which allows for flexible traffic control, but also leads to operation and security issues. We systematically analyze this phenomenon with path pairs collected from 128 pairs of vantage points over more than 5 years, and use multiple IP-to-AS mapping methods to compare CD paths. What is interesting is that, working at such a large scale in turn helps us design a novel method to fairly evaluate the accuracy of various existing mapping methods, and further develop a new mapping method, i.e., LearnToCorrect, that can correct more than 70\% mapping errors of the state-of-the-art one. Then we devise to identify real mismatches with LearnToCorrect, and estimate that the real-mismatch ratio in the wild is typically less than 6\%. At last, we use our proposed methods to detect routing security issues, which are previously difficult to accurately find out.

Networking and Internet Architecture

Mingui Zhang,Bin Liu,Beichuan Zhang

DOI: https://doi.org/10.1109/infcom.2010.5462200

2010-01-01

Abstract:False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.

Qi Li,Jiajia Liu,Yih-Chun Hu,Mingwei Xu,Jianping Wu

DOI: https://doi.org/10.1109/mnet.2018.1800171

IF: 10.294

2019-01-01

IEEE Network

Abstract:The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Song Li,Haixin Duan,Zhiliang Wang,Jinjin Liang,Xing Li

DOI: https://doi.org/10.1007/s11432-015-5490-8

2016-01-01

Science China Information Sciences

Abstract:Previous research in interdomain routing security has often focused on prefix hijacking. However,several prefix interception events have happened lately, which poses a new security challenge to the interdomain routing system. Compared to prefix hijacking, prefix interception is much harder to detect, as it avoids black hole by forwarding the hijacked traffic back to the victim. In this paper, we present a novel method to detect prefix interception. Our approach exploits a key observation about prefix interception: during a prefix interception event, the attacker detours the intercepted traffic through its network, which turns it into a new important"transit point" for access to the victim. By collecting data plane information to detect the emerging "transit point" and using control plane information to verify it, our scheme can identify prefix interception in real time.The results of Internet experiments and Internet-scale simulations show that our method is accurate with low false alarm rate(0.28%) and false negative rate(2.26%).

Meng Meng,Ruijuan Zheng,Ruxi Peng,Junlong Zhu,Mingchuan Zhang,Qingtao Wu

DOI: https://doi.org/10.1016/j.robot.2020.103556

IF: 3.7

2020-01-01

Robotics and Autonomous Systems

Abstract:In human–robot cooperation, the information interaction plays a key role. Most of the information interaction rely on Border Gateway Protocol (BGP), which is a vital route protocol on networks. However, the BGP is susceptible to the prefix interception attacks because the rightful origin of each prefix cannot be verified in BGP. For this reason, we propose a novel and effective route selection method against prefix interception attacks, which combines the resilience of routers and the historical performance of routers to choose a secure route. Moreover, we estimate the performance of BGP by introducing the definition of resilience and the historical performance of routers via online learning against the prefix interception attack. Furthermore, we analyze the bound of regret and obtain O(T) regret, where T denotes the time horizon. In addition, the proposed method is verified both on synthetic data and network simulations. The results show that the proposed method has more resilience against prefix interception attacks than Counter-Raptor.

李琦,吴建平,徐明伟,徐恪,张新文

DOI: https://doi.org/10.3724/sp.j.1016.2009.00506

2009-01-01

Chinese Journal of Computers

Abstract:Inter-domain routing(BGP) directly influences availability of Internet routing which may be disrupted by misconfigured or malicious BGP updates.Although several secure solutions have been proposed to resolve the BGP security problem,they have many design drawbacks(e.g.,large router resource consumption).Considered the design and performance of secure BGP,this paper proposes a Good-Enough-Security BGP(GesBGP).Identity-based signature(IBS) algorithm presented in GesBGP guarantees the authenticity of BGP routes in the help of Trusted Computing(TC) technology.The presented IBS can effectively eliminate the centralized public key infrastructure(PKI) and resolve the problem of public key certificate distribution and restoration.Furthermore,GesBGP does not only rely on cryptography functions provided by IBS.BGP attestation service integrated in GesBGP prevents router from malicious change radically and thus builds strong trust relationship between different routers.In the optimized GesBGP,BGP security rules are enforced and the cumulated signature in original GesBGP is eliminated.The security analysis and performance study show that the optimized GesBGP improves the performance of GesBGP while achieving the goal of BGP security at the same time.

Song Li,Hai-Xin Duan,Zhiliang Wang,Xing Li

DOI: https://doi.org/10.1007/978-3-319-28865-9_17

2015-01-01

Abstract:Route leaks have become an important security problem of inter-domain routing. Operators increasingly suffer from large-scale or small-scale route leak incidents in recent years. Route leaks can redirect traffic to unintended networks, which puts the traffic at risk of Man-in-the-Middle attack. Unlike other security threats such as prefix hijacking that advertises bogus BGP route, route leaks announce routes which are true but in violation of routing policies to BGP neighbors. Since the routing policies are usually kept confidential, detecting route leaks in the Internet is a challenging problem. In this paper, we reveal a link between routing loops and route leaks. We find that some route leaks may cause routing loops. Hence detecting routing loops is expected to be able to identify route leaks. We provide theoretical analysis to confirm the expectation, and further propose a detection mechanism which can identify the leaked route as well as the perpetrator AS. Our mechanism does not require information about routing policies. It passively monitors BGP routes to detect route leaks and hence it is lightweight and easy to deploy. The evaluation results show that our mechanism can detect a lot of route leaks that occur in the Internet per day.

Yihao Chen,Qilei Yin,Qi Li,Zhuotao Liu,Ke Xu,Yi Xu,Mingwei Xu,Ziqian Liu,Jianping Wu

2024-02-25

Abstract:BGP is the de facto inter-domain routing protocol to ensure global connectivity of the Internet. However, various reasons, such as deliberate attacks or misconfigurations, could cause BGP routing anomalies. Traditional methods for BGP routing anomaly detection require significant manual investigation of routes by network operators. Although machine learning has been applied to automate the process, prior arts typically impose significant training overhead (such as large-scale data labeling and feature crafting), and only produce uninterpretable results. To address these limitations, this paper presents a routing anomaly detection system centering around a novel network representation learning model named BEAM. The core design of BEAM is to accurately learn the unique properties (defined as \emph{routing role}) of each Autonomous System (AS) in the Internet by incorporating BGP semantics. As a result, routing anomaly detection, given BEAM, is reduced to a matter of discovering unexpected routing role churns upon observing new route announcements. We implement a prototype of our routing anomaly detection system and extensively evaluate its performance. The experimental results, based on 18 real-world RouteViews datasets containing over 11 billion route announcement records, demonstrate that our system can detect all previously-confirmed routing anomalies, while only introducing at most five false alarms every 180 million route announcements. We also deploy our system at a large ISP to perform real-world detection for one month. During the course of deployment, our system detects 497 true anomalies in the wild with an average of only 1.65 false alarms per day.

Networking and Internet Architecture

Bin Wang,ChunMing Wu,Qiang Yang,Pan Lai,JuLong Lan,YunFei Guo

DOI: https://doi.org/10.1007/s11432-012-4659-7

2014-01-01

Science China Information Sciences

Abstract:Distance vector routing protocols have been widely adopted as an efficient routing mechanism in current Internet, and many wireless networks. However, as is well-known, the existing distance vector routing protocols are insecure as it lacks of effective authorization mechanisms and routing updates aggregated from other routers. As a result, the network routing-based attacks become a critical issue which could lead to a more deteriorate performance than other general network attacks. To efficiently address this issue, this paper, through analyzing the routing model and its security aspect, and presents a novel approach on guaranteeing the routing security. Based on the model, we present the security mechanism including the message exchange and update message security authentication mechanism. The suggested approach shows that the security mechanism can effectively verify the integrity and validate the freshness of routing update messages received from neighbor nodes. In comparison with exiting mechanisms (SDV, S-RIP etc), the proposed model provides enhanced security without introducing significant network overheads and complexity.