Reputation Mechanism for Inter-domain Routing Security Management

The inter-domain routing system is the critical infrastructure of the Internet. Ensuring that each autonomous system (AS) announces and prefers authentic routing information is very important to the security of the inter-domain routing system. Due to BGP's opaqueness and the autonomy of ASes, it is difficult for an AS to identify whether an incoming BGP route is valid. We design a reputation mechanism based on Bayesian probability theory to evaluate the trustworthiness of an AS. The mechanism takes as input the statistical results on routing trustworthiness published by ASes, applies posterior probability analysis, and calculates a reputation score for a particular AS. Our proposal makes existing route monitoring and analysis tools more effective. Combined with routing decisions, the reputation mechanism can restrain the propagation of bogus routing information and improve the overall security of the inter-domain routing system. Our mechanism makes no changes to the BGP protocol and supports incremental deployment.
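
The following sketch is an added example, not code or formulas from the paper: it shows one common way to turn published valid/invalid route counts into a posterior reputation score and to use that score in route selection. The Beta(1, 1) prior, the reporter weights, the 1/2 threshold, the min-over-path rule and all sample data are assumptions made here for illustration.

```python
from fractions import Fraction

# Constructed sample data: each reporter AS publishes, per observed AS,
# (routes judged valid, routes judged invalid). AS numbers come from the
# documentation range (RFC 5398).
REPORTS = {
    64496: {64500: (98, 2), 64501: (3, 17)},
    64497: {64500: (45, 5), 64501: (1, 9)},
    64498: {64500: (20, 0)},
}


def reputation(target, reports, weights=None):
    """Posterior mean of Beta(1 + valid, 1 + invalid) for `target`.

    The uniform Beta(1, 1) prior gives an AS with no reports a score of 1/2.
    `weights` optionally discounts a reporter's counts (assumed feature).
    """
    alpha = beta = Fraction(1)
    for reporter, observed in reports.items():
        if reporter == target or target not in observed:
            continue  # ignore self-reports and reporters with no data
        w = Fraction((weights or {}).get(reporter, 1))
        valid, invalid = observed[target]
        alpha += w * valid
        beta += w * invalid
    return alpha / (alpha + beta)


def select_route(candidates, reports, threshold=Fraction(1, 2)):
    """Choose among AS paths for one prefix, or None if all are rejected.

    A path is scored by its least reputable AS (assumed rule); paths below
    `threshold` are dropped, then the shortest path wins, ties going to
    the higher score.
    """
    scored = []
    for path in candidates:
        score = min(reputation(asn, reports) for asn in path)
        if score >= threshold:
            scored.append((len(path), -score, path))
    return min(scored)[2] if scored else None


if __name__ == "__main__":
    for asn in (64500, 64501, 64510):
        print(asn, float(reputation(asn, REPORTS)))
    # The shorter path originates at the low-reputation AS and is rejected.
    print(select_route([(64501,), (64499, 64500)], REPORTS))
```

Because the mechanism only feeds a local preference decision, a filter like `select_route` can run beside an unmodified BGP speaker, which is consistent with the incremental deployment the abstract claims.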
