Hi-BGP : A Lightweight Hijack-proof Inter-domain Routing Protocol

BGP is the cornerstone of the Internet. However, the implicit trust assumption in BGP’s design destines its inherited vulnerability. Prefix hijacking is one of the large-scale BGPspecific routing anomalies that are able to paralyze the Internet. This calls for a hijack-proof security solution. By putting the protection against prefix hijacking the top priority, we design a lightweight hijack-proof BGP system – Hi-BGP. Hi-BGP utilizes the existing BGP system to distribute the relevant route validation information and use the information to prevent various prefix hijacking. In addition, we propose a transition scheme of HiBGP so that it can be incrementally deployed. At the same time, we show that Hi-BGP is lightweight and can be deployed in the Internet.

[1]  Sean W. Smith,et al.  The performance impact of BGP security , 2005, IEEE Network.

[2]  Martin B. H. Weiss,et al.  A Game Theoretic Modeling and Analysis for Internet Access Market , 2002 .

[3]  Russ White Architecture and Deployment Considerations for Secure Origin BGP (soBGP) , 2006 .

[4]  W. Trowbridge WOW , 2005 .

[5]  Suman Banerjee,et al.  The Interdomain Connectivity of PlanetLab Nodes , 2004, PAM.

[6]  Josh Karlin Pretty Good BGP : Protecting BGP by Cautiously Selecting Routes Paper , 2005 .

[7]  Andy Heffernan,et al.  Protection of BGP Sessions via the TCP MD5 Signature Option , 1998, RFC.

[8]  Charles Lynn,et al.  Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[9]  Patrick D. McDaniel,et al.  Working around BGP: An Incremental Approach to Improving Security and Accuracy in Interdomain Routing , 2003, NDSS.

[10]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[11]  Lixin Gao,et al.  On inferring and characterizing Internet routing policies , 2003, Journal of Communications and Networks.

[12]  Christopher Krügel,et al.  Topology-Based Detection of Anomalous BGP Messages , 2003, RAID.

[13]  Michalis Faloutsos,et al.  On power-law relationships of the Internet topology , 1999, SIGCOMM '99.

[14]  Charles Lynn,et al.  Secure BGP (S-BGP) , 2003 .

[15]  Randy H. Katz,et al.  Characterizing the Internet hierarchy from multiple vantage points , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[16]  Volker Roth,et al.  Listen and whisper: security mechanisms for BGP , 2004 .

[17]  Nick Feamster,et al.  An empirical study of "bogon" route advertisements , 2005, CCRV.

[18]  A. Perrig,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM '04.

[19]  Narine Badasyan A Simple Game Theoretic Analysis of Peering and Transit Contracting among Internet Access Providers , 2005 .

[20]  Lixin Gao On inferring autonomous system relationships in the internet , 2001, TNET.

[21]  Evangelos Kranakis,et al.  Pretty Secure BGP, psBGP , 2005, NDSS.

[22]  Cengiz Alaettinoglu,et al.  Routing Policy Specification Language (RPSL) , 1998, RFC.