A Reputation-Based Method to Secure Inter-Domain Routing

Due to the lack of the mechanism within BGP to verify the authority of an Autonomous System (AS) to announce Network Layer Reachable Information (NLRI), a specific IP prefix may be hijacked by a suspicious AS, leading to Internet instability even crash. Current proposals either are still no widely deployed for expensive overhead and complex key management, such as S-BGP, soBGP, etc, or can be incrementally deployed but not timely response and block attacks, just detect anomalies and rely on manual response from network operators, such as iSPY, PHAS, etc. The paper proposed an autonomous system origination reputation model to evaluate the trust degree of an autonomous system (AS) on originating the prefix. As a result, an AS selectively prefers the route announcement originated by the AS with higher origination reputation, prefix hijacking would be suppressed from happening. According to the beta reputation theory, the origination reputation of an AS is computed based on results of multiple prefix hijacking detection systems, by removing false positives and false negatives of detection systems. And the origination reputation is updated following the "slowly rising, quickly falling" principle. In the end, the validity of the model is verified by simulation experiments.

[1]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[2]  Nick Feamster,et al.  Understanding the network-level behavior of spammers , 2006, SIGCOMM.

[3]  Ning Hu,et al.  Reputation-Based Collaborative Management Method for Inter-Domain Routing Security: Reputation-Based Collaborative Management Method for Inter-Domain Routing Security , 2010 .

[4]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[5]  Naixue Xiong,et al.  SC-OA: A Secure and Efficient Scheme for Origin Authentication of Interdomain Routing in Cloud Computing Networks , 2011, 2011 IEEE International Parallel & Distributed Processing Symposium.

[6]  Jouni Isoaho,et al.  Hybrid Trust Model for Internet Routing , 2011, ArXiv.

[7]  Zhu Pei-dong,et al.  Self-Organization of Inter-Domain Routing System , 2006 .

[8]  Insup Lee,et al.  AS-CRED: Reputation and Alert Service for Interdomain Routing , 2013, IEEE Systems Journal.

[9]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[10]  It Informatics,et al.  Border Gateway Protocol , 2013 .

[11]  Insup Lee,et al.  AS-TRUST: A Trust Quantification Scheme for Autonomous Systems in BGP , 2011, TRUST.

[12]  Randy Bush,et al.  The Resource Public Key Infrastructure (rpki) to Router Protocol , 2013 .

[13]  Zhuoqing Morley Mao,et al.  Practical defenses against BGP prefix hijacking , 2007, CoNEXT '07.

[14]  Randy Bush,et al.  iSPY: Detecting IP Prefix Hijacking on My Own , 2008, IEEE/ACM Transactions on Networking.

[15]  Audun Jøsang,et al.  AIS Electronic Library (AISeL) , 2017 .

[16]  Constantinos Dovrolis,et al.  Beware of BGP attacks , 2004, CCRV.

[17]  Yang Xiang,et al.  Sign what you really care about - Secure BGP AS-paths efficiently , 2013, Comput. Networks.

[18]  Craig A. Shue,et al.  Malicious Hubs: Detecting Abnormally Malicious Autonomous Systems , 2010, 2010 Proceedings IEEE INFOCOM.

[19]  S. K. Dubey,et al.  Security and Privacy in Cloud Computing: A Survey , 2013 .

[20]  Yang Xiang,et al.  Detecting prefix hijackings in the internet with argus , 2012, Internet Measurement Conference.

[21]  Wei Li,et al.  Trust Degree Based Inter-Domain Routing Mechanism: Trust Degree Based Inter-Domain Routing Mechanism , 2010 .

[22]  J. Rexford,et al.  A distributed reputation approach to cooperative Internet routing protection , 2005, 1st IEEE ICNP Workshop on Secure Network Protocols, 2005. (NPSec)..

[23]  Sandra L. Murphy,et al.  BGP Security Vulnerabilities Analysis , 2006, RFC.

[24]  Nick Feamster,et al.  Understanding the network-level behavior of spammers , 2006, SIGCOMM 2006.

[25]  Bin Liu,et al.  Safeguarding Data Delivery by Decoupling Path Propagation and Adoption , 2010, 2010 Proceedings IEEE INFOCOM.

[26]  Michalis Faloutsos,et al.  Neighborhood Watch for Internet Routing: Can We Improve the Robustness of Internet Routing Today? , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[27]  Charles Lynn,et al.  Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[28]  Wang Bin-qiang An Origin AS Verification Mechanism Based on the Length of Prefix Assignment Path for Securing BGP , 2009 .

[29]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM 2002.

[30]  Zhu Pei,et al.  Reputation-Based Collaborative Management Method for Inter-Domain Routing Security , 2010 .

[31]  Luo Jun Trust Degree Based Inter-Domain Routing Mechanism , 2010 .

[32]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM '02.

[33]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[34]  Daniel Massey,et al.  PHAS: A Prefix Hijack Alert System , 2006, USENIX Security Symposium.

[35]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) - Real World Performance and Deployment Issues , 2000, NDSS.