Creating a Secure Underlay for the Internet

Adversaries can exploit inter-domain routing vulnerabilities to intercept communication and compromise the security of critical Internet applications. Meanwhile the deployment of secure routing solutions such as Border Gateway Protocol Security (BGPsec) and Scalability, Control and Isolation On Next-generation networks (SCION) are still limited. How can we leverage emerging secure routing backbones and extend their security properties to the broader Internet? We design and deploy an architecture to bootstrap secure routing. Our key insight is to abstract the secure routing backbone as a virtual Autonomous System (AS), called Secure Backbone AS (SBAS). While SBAS appears as one AS to the Internet, it is a federated network where routes are exchanged between participants using a secure backbone. SBAS makes BGP announcements for its customers’ IP prefixes at multiple locations (referred to as Points of Presence or PoPs) allowing traffic from non-participating hosts to be routed to a nearby SBAS PoP (where it is then routed over the secure backbone to the true prefix owner). In this manner, we are the first to integrate a federated secure non-BGP routing backbone with the BGP-speaking Internet. We present a real-world deployment of our architecture that uses SCIONLab to emulate the secure backbone and the PEERING framework to make BGP announcements to the Internet. A combination of real-world attacks and Internet-scale simulations shows that SBAS substantially reduces the threat of routing attacks. Finally, we survey network operators to better understand optimal governance and incentive models.

[1]  Joeri de Ruiter,et al.  Next-generation internet at terabit speed: SCION in P4 , 2021, Conference on Emerging Network Experiment and Technology.

[2]  David Hausheer,et al.  Deployment and scalability of an inter-domain multi-path routing infrastructure , 2021, CoNEXT.

[3]  M. Apostolaki,et al.  Securing internet applications from routing attacks , 2020, Commun. ACM.

[4]  Prateek Mittal,et al.  Experiences Deploying Multi-Vantage-Point Domain Validation at Let's Encrypt , 2021, USENIX Security Symposium.

[5]  David Hausheer,et al.  SCIONLAB: A Next-Generation Internet Testbed , 2020, 2020 IEEE 28th International Conference on Network Protocols (ICNP).

[6]  Ítalo S. Cunha,et al.  PEERING: virtualizing BGP at the edge for research , 2019, CoNEXT.

[7]  Jennifer Rexford,et al.  SICO: Surgical Interception Attacks by Manipulating BGP Communities , 2019, CCS.

[8]  Alberto Dainotti,et al.  Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table , 2019, Internet Measurement Conference.

[9]  台灣電腦網路危機處理暨協調中心 Mutually Agreed Norms for Routing Security , 2019 .

[10]  Laurent Vanbever,et al.  SABRE: Protecting Bitcoin against Routing Attacks , 2018, NDSS.

[11]  Thomas Engel,et al.  The state of affairs in BGP security: A survey of attacks and defenses , 2018, Comput. Commun..

[12]  Jennifer Rexford,et al.  Bamboozling Certificate Authorities with BGP , 2018, USENIX Security Symposium.

[13]  Adrian Perrig,et al.  SCION: A Secure Internet Architecture , 2017, Information Security and Cryptography.

[14]  Matt Lepinski,et al.  BGPsec Protocol Specification , 2017, RFC.

[15]  Laurent Vanbever,et al.  Hijacking Bitcoin: Routing Attacks on Cryptocurrencies , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[16]  David D. Clark,et al.  bdrmap: Inference of Borders Between IP Networks , 2016, Internet Measurement Conference.

[17]  Michael Meier,et al.  Improved Calculation of aS Resilience against IP Prefix Hijacking , 2016, 2016 IEEE 41st Conference on Local Computer Networks Workshops (LCN Workshops).

[18]  Amir Herzberg,et al.  Jumpstarting BGP Security with Path-End Validation , 2016, SIGCOMM.

[19]  J. Alex Halderman,et al.  A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.

[20]  Prateek Mittal,et al.  RAPTOR: Routing Attacks on Privacy in Tor , 2015, USENIX Security Symposium.

[21]  Nikita Borisov,et al.  Defending Tor from Network Adversaries: A Case Study of Network Path Prediction , 2014, Proc. Priv. Enhancing Technol..

[22]  A. Arnbak,et al.  Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad , 2015 .

[23]  Ítalo S. Cunha,et al.  PEERING: An AS for Us , 2014, HotNets.

[24]  Thomas E. Anderson,et al.  One tunnel is (often) enough , 2014, SIGCOMM.

[25]  Srinivasan Seshan,et al.  XIA: architecting a more trustworthy and evolvable internet , 2014, CCRV.

[26]  Sharon Goldberg,et al.  BGP security in partial deployment: is the juice worth the squeeze? , 2013, SIGCOMM.

[27]  Marcelo Bagnulo,et al.  BGP-XM: BGP eXtended Multipath for transit Autonomous Systems , 2013, Comput. Networks.

[28]  Andreas Haeberlen,et al.  The Nebula Future Internet Architecture , 2013, Future Internet Assembly.

[29]  Randy Bush,et al.  The Resource Public Key Infrastructure (rpki) to Router Protocol , 2013 .

[30]  Stephen T. Kent,et al.  An Infrastructure to Support Secure Internet Routing , 2012, RFC.

[31]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[32]  Manish Karir,et al.  Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format , 2011, RFC.

[33]  Nick McKeown,et al.  Architecting for innovation , 2011, CCRV.

[34]  Xin Zhang,et al.  SCION: Scalability, Control, and Isolation on Next-Generation Networks , 2011, 2011 IEEE Symposium on Security and Privacy.

[35]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[36]  Martin May,et al.  The autonomic network architecture (ANA) , 2010, IEEE Journal on Selected Areas in Communications.

[37]  Patrick D. McDaniel,et al.  A Survey of BGP Security Issues and Solutions , 2010, Proceedings of the IEEE.

[38]  Brighten Godfrey,et al.  Pathlet routing , 2009, SIGCOMM '09.

[39]  Lixin Gao,et al.  Path Diversity Aware Interdomain Routing , 2009, IEEE INFOCOM 2009.

[40]  Lixin Gao,et al.  Reliable interdomain routing through multiple complementary routing processes , 2008, CoNEXT '08.

[41]  Santosh S. Vempala,et al.  Path splicing , 2008, SIGCOMM '08.

[42]  Mung Chiang,et al.  DEFT: Distributed Exponentially-Weighted Flow Splitting , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[43]  Bruce M. Maggs,et al.  R-BGP: Staying Connected in a Connected World , 2007, NSDI.

[44]  Jennifer Rexford,et al.  A Pluralist Approach to Interdomain Communication Security , 2007 .

[45]  Jennifer Rexford,et al.  Pretty Good BGP: Improving BGP by Cautiously Adopting Routes , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[46]  Xiaowei Yang,et al.  Source selectable path diversity via routing deflections , 2006, SIGCOMM.

[47]  J. Rexford,et al.  MIRO: multi-path interdomain routing , 2006, SIGCOMM.

[48]  Evangelos Kranakis,et al.  Pretty Secure BGP, psBGP , 2005, NDSS.

[49]  Jonathan S. Turner,et al.  Diversifying the Internet , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[50]  Krishna P. Gummadi,et al.  Improving the Reliability of Internet Paths with One-hop Source Routing , 2004, OSDI.

[51]  Constantinos Dovrolis,et al.  Beware of BGP attacks , 2004, CCRV.

[52]  Jon Crowcroft,et al.  Plutarch: an argument for network pluralism , 2003, FDNA '03.

[53]  D. Andersen,et al.  Resilient overlay networks , 2002, CCRV.

[54]  Lixin Gao,et al.  Stable Internet routing without global coordination , 2000, SIGMETRICS '00.

[55]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[56]  Dino Farinacci,et al.  Generic Routing Encapsulation (GRE) , 2000, RFC.