AS Alliance based security enhancement for inter-domain routing protocol

Abstract: The Internet routing system, as a complex system, faces many challenges. Attacks against the Border Gateway Protocol (BGP), the only wide-area routing protocol between different Autonomous Systems (ASes), are increasing in number and severity. Most security mechanisms based on public key cryptography are far from deployment due to performance, trust model and other issues. Self-organization is a promising mechanism for controlling complexity in large-scale, dynamic networks. This paper proposes the notion of the AS Alliance, a natural community structure that self-organizes around commercial, political or other social relationships and takes advantage of the power-law and rich-club features of the AS-level topology. A new trust model, the Trust Translator Model (TTM), is designed on top of the AS Alliance to improve the security of BGP. TTM avoids the global distribution of certificates by having hub nodes translate trust between different trust domains, and yields much less memory overhead and a shorter validation chain than traditional solutions. We develop a novel protocol extension, SE-BGP (Security Enhanced BGP), that exploits the TTM. It introduces new path attributes to carry origin certificates and path signatures, along with algorithms for origin authentication and path authentication. Our analysis and experimental results show that SE-BGP is a viable solution.
