Listen and whisper: security mechanisms for BGP

BGP, the current inter-domain routing protocol, assumes that the routing information propagated by authenticated routers is correct. This assumption renders the current infrastructure vulnerable to both accidental misconfigurations and deliberate attacks. To reduce this vulnerability, we present a combination of two mechanisms: Listen and Whisper. Listen passively probes the data plane and checks whether the underlying routes to different destinations work. Whisper uses cryptographic functions along with routing redundancy to detect bogus route advertisements in the control plane. These mechanisms are easily deployable, and do not rely on either a public key infrastructure or a central authority like ICANN. The combination of Listen and Whisper eliminates a large number of problems due to router misconfigurations, and restricts (though not eliminates) the damage that deliberate attackers can cause. Moreover, these mechanisms can detect and contain isolated adversaries that propagate even a few invalid route announcements. Colluding adversaries pose a more stringent challenge, and we propose simple changes to the BGP policy mechanism to limit the damage colluding adversaries can cause. We demonstrate the utility of Listen and Whisper through real-world deployment, measurements and empirical analysis. For example, a randomly placed isolated adversary, in the worst case can affect reachability to only 1% of the nodes.

[1]  Don Davis Compliance Defects in Public Key Cryptography , 1996, USENIX Security Symposium.

[2]  S. Murphy,et al.  Retrofitting security into Internet infrastructure protocols , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[3]  Yih-Chun Hu,et al.  SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks , 2002, Proceedings Fourth IEEE Workshop on Mobile Computing Systems and Applications.

[4]  Sally Floyd,et al.  Wide-area traffic: the failure of Poisson modeling , 1994 .

[5]  Charles Lynn,et al.  Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[6]  Pekka Nikander,et al.  Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties , 2002, Security Protocols Workshop.

[7]  Lixin Gao,et al.  Stable Internet routing without global coordination , 2000, SIGMETRICS '00.

[8]  Roger Clarke Conventional Public Key Infrastructure : An Artefact Ill-Fitted to the Needs of the Information Society , 2001 .

[9]  Randy H. Katz,et al.  Characterizing the Internet hierarchy from multiple vantage points , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[10]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM 2002.

[11]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[12]  Daniel Massey,et al.  An analysis of BGP multiple origin AS (MOAS) conflicts , 2001, IMW '01.

[13]  Sally Floyd,et al.  Wide-Area Traffic: The Failure of Poisson Modeling , 1994, SIGCOMM.

[14]  J.J. Garcia-Luna-Aceves,et al.  Securing the border gateway routing protocol , 1996, Proceedings of GLOBECOM'96. 1996 IEEE Global Telecommunications Conference.

[15]  Yih-Chun Hu,et al.  Efficient Security Mechanisms for Routing Protocolsa , 2003, NDSS.

[16]  Patrick D. McDaniel,et al.  Working around BGP: An Incremental Approach to Improving Security and Accuracy in Interdomain Routing , 2003, NDSS.

[17]  Ramesh Govindan,et al.  The temporal and topological characteristics of BGP path changes , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[18]  Yih-Chun Hu,et al.  Wormhole Detection in Wireless Ad Hoc Networks , 2002 .

[19]  David R. Cheriton,et al.  Feedback based routing , 2003, CCRV.

[20]  Mihir Bellare,et al.  A New Paradigm for Collision-Free Hashing: Incrementality at Reduced Cost , 1997, EUROCRYPT.

[21]  Yih-Chun Hu Efficient Security Mechanisms for Routing Protocols , 2003 .

[22]  Stephen T. Kent,et al.  Design and analysis of the Secure Border Gateway Protocol (S-BGP) , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[23]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[24]  Karen Seo,et al.  Public-key infrastructure for the Secure Border Gateway Protocol (S-BGP) , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[25]  Daniel R. Simon,et al.  Secure traceroute to detect faulty or malicious routing , 2003, CCRV.

[26]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[27]  Jia Wang,et al.  Towards an accurate AS-level traceroute tool , 2003, SIGCOMM '03.

[28]  Joseph Kee-yin Ng,et al.  Extensions to BGP to Support Secure Origin BGP , 2004 .