Self-reliant detection of route leaks in inter-domain routing

Route leaks are among the several inter-domain routing anomalies that have the potential to cause large-scale service disruptions on the Internet. Route leaks occur when routing policies among Autonomous Systems (ASes) are violated. There exist a few rudimentary solutions that can be used as a first line of defense, such as the utilization of route filters, but these palliatives become infeasible in large domains due to the administrative overhead and the cost of keeping the filters up to date. As a result, a significant part of the Internet is defenseless against route leak attacks. In this paper, we examine the different types of route leaks and propose detection methodologies for improving the reliability of the routing system. Our main contributions can be summarized as follows. We develop a relatively basic theoretical framework, which, under realistic assumptions, enables a domain to autonomously determine if a particular route advertisement received from a neighbor corresponds to a route leak. Based on this, we propose three incremental methodologies, namely Cross-Path (CP), Benign Fool Back (BFB), and Reverse Benign Fool Back (R-BFB), for autonomously detecting route leaks. The strength of our approach resides in the fact that these detection techniques solely require the analysis of control and data plane information available within the domain. We analyze the performance of the proposed route leak identification techniques both through real-time experiments and through simulations at large scale. Our results show that the proposed detection techniques achieve high success rates for countering route leaks in different scenarios.
