SEM: A Security Evaluation Model for Inter-domain Routing System in the Internet

Since the lack of necessary security mechanisms, the Internet's inter-domain routing system, mainly based on the Border Gateway Protocol (BGP), inevitably faces with serious security threats. Although there are many researches focus on the security of inter-domain routing and BGP, few people have quantified the routing security of the current BGP system effectively. Moreover, Internet operators do need useful information to judge security threats of their autonomous systems (ASes) and BGP routers. In this paper, we propose a security evaluation model, SEM, to assess security threats of the routing system. The basic idea of SEMis simple, namely, the security status of the whole system rests with its parts'. In addition, we quantify security threats status of the routing information from RouteViews using our model. The experimental results show that the model can provide intuitive security threat indices for BGP routers, various ASes and the BGP system respectively, and further more, it can provide valuable, intuitional curve for Internet operators.

[1]  Jennifer Rexford,et al.  A Survey of BGP Security , 2005 .

[2]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[3]  Volker Roth,et al.  Listen and whisper: security mechanisms for BGP , 2004 .

[4]  Jia Wang,et al.  Towards an accurate AS-level traceroute tool , 2003, SIGCOMM '03.

[5]  Daniel Massey,et al.  PHAS: A Prefix Hijack Alert System , 2006, USENIX Security Symposium.

[6]  Ratul Mahajan,et al.  Measuring ISP topologies with rocketfuel , 2002, TNET.

[7]  Jennifer Rexford,et al.  Pretty Good BGP: Improving BGP by Cautiously Adopting Routes , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[8]  Constantinos Dovrolis,et al.  Beware of BGP attacks , 2004, CCRV.

[9]  Daniel Massey,et al.  Protecting BGP routes to top level DNS servers , 2003, 23rd International Conference on Distributed Computing Systems, 2003. Proceedings..

[10]  Nick Feamster,et al.  An empirical study of "bogon" route advertisements , 2005, CCRV.

[11]  Tony Tauber,et al.  BGP Security Requirements , 2008 .

[12]  Daniel Massey,et al.  Collecting the internet AS-level topology , 2005, CCRV.

[13]  Evangelos Kranakis,et al.  Pretty Secure BGP, psBGP , 2005, NDSS.

[14]  Christopher Krügel,et al.  Topology-Based Detection of Anomalous BGP Messages , 2003, RAID.

[15]  William A. Wulf,et al.  TOWARDS A FRAMEWORK FOR SECURITY MEASUREMENT , 1997 .

[16]  Olivier Bonaventure,et al.  Open issues in interdomain routing: a survey , 2005, IEEE Network.

[17]  Daniel Massey,et al.  Detection of invalid routing announcement in the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[18]  Guan Xiaohong,et al.  Quantitative Hierarchical Threat Evaluation Model for Network Security , 2006 .