Automatic creation of VPN backup paths for improved resilience against BGP-attackers

Virtual private networks (VPNs) play an integral role in corporate and governmental communication systems today. As such, they are by definition an exposed target for attacks on the availability of whole communication infrastructures. A comparatively effective way to disrupt VPNs is the announcement of the involved IP address ranges by compromised BGP routers. Since criminals may focus on such attacks in the foreseeable future, this article discusses the intelligent creation of backup paths in the context of VPNs as a countermeasure. The proposed system is evaluated in simulations as well as in a prototype environment.
