Comparing ingress and egress detection to secure interdomain routing: An experimental analysis

The global economy and society increasingly depend on computer networks linked together by the Internet. The importance of computer networks reaches far beyond the telecommunications sector, since they have become a critical factor for many other crucial infrastructures and markets. With threats mounting and security incidents becoming more frequent, concerns about network security grow. It is an acknowledged fact that some of the most fundamental network protocols that make the Internet work are exposed to serious threats. One of them is the Border Gateway Protocol (BGP), which determines how Internet traffic is routed through the topology of administratively independent networks that make up the Internet. Despite the existence of a steadily growing number of BGP security proposals, to date none of them has been adopted. Using a precise definition of BGP robustness, we experimentally show that the degree of robustness is distributed unequally across the administrative domains of the Internet, the so-called Autonomous Systems (ASes). The experiments confirm the intuition that the contribution ASes are able to make towards securing the correct working of the inter-domain routing infrastructure by deploying countermeasures against routing attacks differs depending on their position in the AS topology. We also show that the degree of this asymmetry can be controlled by the choice of the security strategy. We compare the strengths and weaknesses of two fundamentally different approaches to increasing BGP's robustness, which we termed ingress and egress detection of false route advertisements, and indicate their implications. Our quantitative results have important implications for Internet security policy, in particular with respect to the crucial question of where to start the deployment of which type of security scheme in order to maximize the Internet's robustness to routing attacks.
