A survey on the recent efforts of the Internet Standardization Body for securing inter-domain routing

The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol in the Internet, thus it plays a crucial role in current communications. Unfortunately, it was conceived without any internal security mechanism, and hence is prone to a number of vulnerabilities and attacks that can result in large scale outages in the Internet. In light of this, securing BGP has been an active research area since its adoption. Several security strategies, ranging from a complete replacement of the protocol up to the addition of new features in it were proposed, but only minor tweaks have found the pathway to be adopted. More recently, the IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) has put forward several recommendations to secure BGP. In this paper, we survey the efforts of the SIDR WG including, the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), for securing the BGP protocol. We also discuss the post SIDR inter-domain routing unresolved security challenges along with the deployment and adoption challenges of SIDR's proposals. Furthermore, we shed light on future research directions in managing the broader security issues in inter-domain routing. The paper is targeted to readers from the academic and industrial communities that are not only interested in an updated article accounting for the recent developments made by the Internet standardization body toward securing BGP (i.e., by the IETF), but also for an analytical discussion about their pros and cons, including promising research lines as well.

[1]  Nick Feamster,et al.  Network-Wide Prediction of BGP Routes , 2007, IEEE/ACM Transactions on Networking.

[2]  Stephen T. Kent,et al.  Threat Model for BGP Path Security , 2014, RFC.

[3]  Radia J. Perlman,et al.  Network layer protocols with Byzantine robustness , 1988 .

[4]  Tarik Cicic,et al.  On Update Rate-Limiting in BGP , 2011, 2011 IEEE International Conference on Communications (ICC).

[5]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[6]  Sharon Goldberg,et al.  BGP security in partial deployment: is the juice worth the squeeze? , 2013, SIGCOMM.

[7]  Rohit Dube,et al.  A comparison of scaling techniques for BGP , 1999, CCRV.

[8]  David Ward,et al.  Securing BGPv4 using IPsec , 2002 .

[9]  Andrew B. Whinston,et al.  Reengineering the internet for better security , 2007, Computer.

[10]  Farnam Jahanian,et al.  Internet routing instability , 1997, SIGCOMM '97.

[11]  Renata Teixeira,et al.  A measurement framework for pin-pointing routing changes , 2004, NetT '04.

[12]  Stewart Bryant,et al.  Internet Engineering Task Force (IETF) , 2015 .

[13]  Kotikalapudi Sriram,et al.  Enhancement to BGPSEC for Protection against Route Leaks , 2014 .

[14]  Lixin Gao,et al.  Stable Internet routing without global coordination , 2000, SIGMETRICS '00.

[15]  Alexandra Boldyreva,et al.  Provable security of S-BGP and other path vector protocols: model, analysis and extensions , 2012, IACR Cryptol. ePrint Arch..

[16]  Nick Feamster,et al.  Some Foundational Problems in Interdomain Routing , 2004 .

[17]  Stefan Savage,et al.  Fatih: detecting and isolating malicious routers , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[18]  Sharon Goldberg,et al.  Let the market drive deployment: a strategy for transitioning to BGP security , 2011, SIGCOMM.

[19]  Anja Feldmann,et al.  Locating internet routing instabilities , 2004, SIGCOMM 2004.

[20]  Jennifer Rexford,et al.  MIRO: multi-path interdomain routing , 2006, SIGCOMM 2006.

[21]  Randy H. Katz,et al.  Characterizing the Internet hierarchy from multiple vantage points , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[22]  Lixia Zhang,et al.  Quantifying Path Exploration in the Internet , 2006, IEEE/ACM Transactions on Networking.

[23]  John W. Stewart,et al.  BGP4 : inter-domain routing in the Internet , 1998 .

[24]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[25]  Danny McPherson,et al.  Internet Routing Architectures, Second Edition , 2000 .

[26]  Dino Farinacci,et al.  Locator/ID Separation Protocol Alternative Logical Topology (LISP+ALT) , 2013, RFC.

[27]  Nick Feamster,et al.  Towards a logic for wide-area Internet routing , 2003, FDNA '03.

[28]  Sean W. Smith,et al.  The performance impact of BGP security , 2005, IEEE Network.

[29]  Daniel Behnen,et al.  Improving BGP Convergence Through Consistency Assertions , 2004 .

[30]  Brian Dickson Route Leaks -- Definitions , 2012 .

[31]  Sean W. Smith,et al.  Aggregated path authentication for efficient BGP security , 2005, CCS '05.

[32]  Interdomain Internet Routing 3.1 Autonomous Systems , 2022 .

[33]  Matt Lepinski,et al.  BGPsec Protocol Specification , 2017, RFC.

[34]  Olivier Bonaventure,et al.  Open issues in interdomain routing: a survey , 2005, IEEE Network.

[35]  Sharon Goldberg,et al.  Rationality and traffic attraction: incentives for honest path announcements in bgp , 2008, SIGCOMM '08.

[36]  Stephen T. Kent,et al.  A Profile for Route Origin Authorizations (ROAs) , 2012, RFC.

[37]  Ethan Heilman,et al.  From the consent of the routed , 2014, SIGCOMM.

[38]  Lixin Gao,et al.  On the evaluation of AS relationship inferences [Internet reachability/traffic flow applications] , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[39]  Grenville J. Armitage,et al.  A Technique for Reducing BGP Update Announcements through Path Exploration Damping , 2010, IEEE Journal on Selected Areas in Communications.

[40]  Lixin Gao,et al.  On inferring and characterizing Internet routing policies , 2003, Journal of Communications and Networks.

[41]  Patrick D. McDaniel,et al.  Origin authentication in interdomain routing , 2003, CCS '03.

[42]  Biswanath Mukherjee,et al.  A survey of security techniques for the border gateway protocol (BGP) , 2009, IEEE Communications Surveys & Tutorials.

[43]  Nick Feamster,et al.  A model of BGP routing for network engineering , 2004, SIGMETRICS '04/Performance '04.

[44]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[45]  D. Richard Kuhn,et al.  Study of BGP Peering Session Attacks and Their Impacts on Routing Performance , 2006, IEEE Journal on Selected Areas in Communications.

[46]  Ke Xu,et al.  Enhancing the Trust of Internet Routing With Lightweight Route Attestation , 2011, IEEE Transactions on Information Forensics and Security.

[47]  J.J. Garcia-Luna-Aceves,et al.  Securing the border gateway routing protocol , 1996, Proceedings of GLOBECOM'96. 1996 IEEE Global Telecommunications Conference.

[48]  Vitaly Shmatikov,et al.  Truth in advertising: lightweight verification of route integrity , 2007, PODC '07.

[49]  Jon Crowcroft,et al.  Integrating security in inter-domain routing protocols , 1993, CCRV.

[50]  Brian Dickson Route Leaks -- Requirements for Detection and Prevention thereof , 2012 .

[51]  Olivier Bonaventure,et al.  Interdomain traffic engineering with BGP , 2003, IEEE Commun. Mag..

[52]  Yih-Chun Hu,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM 2004.

[53]  Yang Xiang,et al.  Detecting prefix hijackings in the internet with argus , 2012, Internet Measurement Conference.

[54]  Geoff Huston,et al.  A Profile for Resource Certificate Repository Structure , 2012, RFC.

[55]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM 2002.

[56]  Gordon T. Wilfong,et al.  Policy disputes in path-vector protocols , 1999, Proceedings. Seventh International Conference on Network Protocols.

[57]  Yih-Chun Hu,et al.  Efficient Security Mechanisms for Routing Protocolsa , 2003, NDSS.

[58]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[59]  Randy Bush,et al.  The Resource Public Key Infrastructure (rpki) to Router Protocol , 2013 .

[60]  Timothy G. Griffin,et al.  An experimental analysis of BGP convergence time , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[61]  Srikanth Sundaresan,et al.  Preventing Attacks on BGP Policies: One Bit is Enough , 2011 .

[62]  Lixia Zhang,et al.  Understanding Resiliency of Internet Topology against Prefix Hijack Attacks , 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).

[63]  Jennifer Rexford,et al.  Inherently safe backup routing with BGP , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[64]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.

[65]  Patrick D. McDaniel,et al.  Working around BGP: An Incremental Approach to Improving Security and Accuracy in Interdomain Routing , 2003, NDSS.

[66]  Jianping Pan,et al.  Keychain-Based Signatures for Securing BGP , 2010, IEEE Journal on Selected Areas in Communications.

[67]  Randy Bush BGPsec Operational Considerations , 2017, RFC.

[68]  F. Bruce Shepherd,et al.  Route oscillations in I-BGP with route reflection , 2002, SIGCOMM 2002.

[69]  Jia Wang,et al.  Towards an accurate AS-level traceroute tool , 2003, SIGCOMM '03.

[70]  Geoff Huston,et al.  Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs) , 2012, RFC.

[71]  Sharon Goldberg,et al.  A survey of interdomain routing policies , 2013, CCRV.

[72]  Vasileios Giotsas,et al.  Valley-free violation in Internet routing — Analysis based on BGP Community data , 2012, 2012 IEEE International Conference on Communications (ICC).

[73]  Yih-Chun Hu Efficient Security Mechanisms for Routing Protocols , 2003 .

[74]  Patrick D. McDaniel,et al.  A Survey of BGP Security Issues and Solutions , 2010, Proceedings of the IEEE.

[75]  G. Di Battista,et al.  Computing the types of the relationships between autonomous systems , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[76]  G. Huston,et al.  Interconnection, Peering and Settlements , 2003 .

[77]  Brian Dickson Route Leaks -- Proposed Solutions , 2012 .

[78]  Nick Feamster,et al.  The case for separating routing from routers , 2004, FDNA '04.

[79]  Xavier Masip-Bruin,et al.  Securing the LISP map registration process , 2013, 2013 IEEE Global Communications Conference (GLOBECOM).

[80]  Dave Katz,et al.  Multiprotocol Extensions for BGP-4 , 1998, RFC.

[81]  Dino Farinacci,et al.  The Locator/ID Separation Protocol (LISP) , 2009, RFC.

[82]  Martin Suchara,et al.  Securing BGP incrementally , 2007, CoNEXT '07.

[83]  Michalis Faloutsos,et al.  Non-binary information propagation: Modeling BGP routing churn , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[84]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[85]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[86]  Jennifer Rexford,et al.  Don't Secure Routing Protocols, Secure Data Delivery , 2006, HotNets.

[87]  Alvaro Retana,et al.  Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study. , 2015 .

[88]  Patrick D. McDaniel,et al.  Toward Valley-Free Inter-domain Routing , 2007, 2007 IEEE International Conference on Communications.

[89]  Lixin Gao,et al.  Identifying and Addressing Protocol Manipulation Attacks in "Secure" BGP , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[90]  Paul Francis,et al.  A study of prefix hijacking and interception in the internet , 2007, SIGCOMM 2007.

[91]  Zhuoqing Morley Mao,et al.  Practical defenses against BGP prefix hijacking , 2007, CoNEXT '07.

[92]  Grenville J. Armitage,et al.  Securing BGP — A Literature Survey , 2011, IEEE Communications Surveys & Tutorials.

[93]  Xin Zhang,et al.  Invalidating Idealized BGP Security Proposals and Countermeasures , 2015, IEEE Transactions on Dependable and Secure Computing.

[94]  Walter Willinger,et al.  10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems , 2011, IEEE Journal on Selected Areas in Communications.

[95]  Jennifer Rexford,et al.  Pretty Good BGP: Improving BGP by Cautiously Adopting Routes , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[96]  Randy Bush,et al.  DNS-based NLRI origin AS verification in BGP , 1998 .

[97]  Constantinos Dovrolis,et al.  Beware of BGP attacks , 2004, CCRV.

[98]  Alex X. Liu,et al.  Symmetric Key Approaches to Securing BGP - A Little Bit Trust Is Enough , 2011, IEEE Trans. Parallel Distributed Syst..

[99]  Randy Bush,et al.  Security Requirements for BGP Path Validation , 2014, RFC.

[100]  Douglas C. Montgomery,et al.  Border Gateway Protocol Security , 2007 .

[101]  Lixin Gao,et al.  On inferring autonomous system relationships in the Internet , 2000, Globecom '00 - IEEE. Global Telecommunications Conference. Conference Record (Cat. No.00CH37137).

[102]  Andy Heffernan,et al.  Protection of BGP Sessions via the TCP MD5 Signature Option , 1998, RFC.

[103]  Deborah Estrin,et al.  The impact of routing policy on Internet paths , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[104]  Doug Montgomery,et al.  A Comparative Analysis of BGP Anomaly Detection and Robustness Algorithms , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[105]  Bassam Halabi,et al.  Internet Routing Architectures , 1997 .

[106]  Shane Amante,et al.  Route-Leaks & MITM Attacks Against BGPSEC , 2014 .

[107]  Daniel Massey,et al.  BGP-RCN: improving BGP convergence through root cause notification , 2005, Comput. Networks.

[108]  Daniel Massey,et al.  An analysis of BGP multiple origin AS (MOAS) conflicts , 2001, IMW '01.

[109]  Ethan Heilman,et al.  On the risk of misbehaving RPKI authorities , 2013, HotNets.

[110]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[111]  Abhijit Bose,et al.  Delayed Internet routing convergence , 2000, SIGCOMM.

[112]  Patrick D. McDaniel,et al.  Optimizing BGP security by exploiting path stability , 2006, CCS '06.

[113]  Daniel Massey,et al.  Detection of invalid routing announcement in the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[114]  Brian Weis,et al.  BGPSEC router key rollover as an alternative to beaconing , 2012 .

[115]  Richard Costain Ltd EXPLANATION AND APOLOGY , 1937 .

[116]  Deborah Estrin,et al.  Persistent route oscillations in inter-domain routing , 2000, Comput. Networks.

[117]  Hussein T. Mouftah,et al.  Credible BGP – Extensions to BGP for Secure Networking , 2009, 2009 Fourth International Conference on Systems and Networks Communications.