Journal Article

A framework for resilient Internet routing protocols

Dan Pei, +2 more - 01 Mar 2004 - Vol. 18, Iss: 2, pp 5-12
TLDR
This analysis shows that although individual defense mechanisms may effectively guard against specific faults, no single fence can counter all faults, and a resilient Internet routing infrastructure calls for integrating techniques from cryptographic protection mechanisms, statistical anomaly detection, protocol syntax checking, and protocol semantics checking to build a multifence defense system.
Abstract
At a fundamental level, all Internet-based applications rely on a dependable packet delivery service provided by the Internet routing infrastructure. However, the Internet is a large-scale complex loosely coupled distributed system made of many imperfect components. Faults of varying-scale and severity occur from time to time. In this paper we survey the research efforts over the years aimed at enhancing the dependability of the routing infrastructure. To provide a comprehensive overview of the various efforts, we first introduce a threat model based on known threats, then sketch out a defense framework, and put each of the existing efforts at appropriate places in the framework based on the faults and attacks against which it can defend. Our analysis shows that although individual defense mechanisms may effectively guard against specific faults, no single fence can counter all faults. Thus, a resilient Internet routing infrastructure calls for integrating techniques from cryptographic protection mechanisms, statistical anomaly detection, protocol syntax checking, and protocol semantics checking to build a multifence defense system.

Citations
Journal Article

Secrets and Lies: Digital Security in a Networked World

Dominic Pinto
- 01 Feb 2003
Journal Article

A Survey of BGP Security Issues and Solutions

TL;DR: This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security, exploring the limitations and advantages of proposed security extensions to BGP, and explaining why no solution has yet struck an adequate balance between comprehensive security and deployment cost.

A Survey of BGP Security Issues and Solutions

The Border Gateway Protocol (BGP) controls much of Internet traffic, but is vulnerable to communications interruptions and failures; finding suitable improved security measures with acceptable costs is difficult.

TL;DR: The limitations and advantages of proposed security extensions to BGP, and why no solution has yet struck an adequate balance between comprehensive security and deployment cost as discussed by the authors.
Proceedings Article

PHAS: a prefix hijack alert system

TL;DR: This paper presents a new Prefix Hijack Alert System (PHAS), a real-time notification system that alerts prefix owners when their BGP origin changes, and illustrates the effectiveness of PHAS and evaluates its overhead using BGP logs collected from RouteViews.
Proceedings Article

SPV: secure path vector routing for securing BGP

TL;DR: An efficient cryptographic mechanism that relies only on symmetric cryptographic primitives to guard an ASPATH from alteration is designed, and the Secure Path Vector (SPV) protocol is proposed, which is around 22 times faster.
References

A Border Gateway Protocol 4 (BGP-4)

Yakov Rekhter, +1 more
TL;DR: This document, together with its companion document, "Application of the Border Gateway Protocol in the Internet", define an inter-autonomous system routing protocol for the Internet.

OSPF Version 2

J. Moy
TL;DR: This memo documents version 2 of the OSPF protocol, a link-state routing protocol designed to be run internal to a single Autonomous System.
Book

Secrets and Lies: Digital Security in a Networked World

TL;DR: This book argues that modern systems have so many components and connections - some of them not even known by the systems' designers, implementers, or users - that insecurities always remain, and that the world was full of bad security systems designed by people who read Applied Cryptography.
Journal Article

Delayed Internet routing convergence

TL;DR: This paper presents a two-year study of Internet routing convergence through the experimental instrumentation of key portions of the Internet infrastructure, including both passive data collection and fault-injection machines at Internet exchange points, and describes several unexpected properties of convergence.
Journal Article

Secure Border Gateway Protocol (S-BGP)

TL;DR: A secure, scalable, deployable architecture (S-BGP) for an authorization and authentication system that addresses most of the security problems associated with BGP is described.