Abstract
The Internet is composed of a set of autonomous systems (ASes), each managed by an administrative authority. The Border Gateway Protocol (BGP) is the exterior routing protocol used to exchange network reachability information between the border routers of each autonomous network. BGP allows the ASes to apply policies when they select the routes that their traffic will take. Policies are based on business relationships and traffic engineering constraints. It is currently assumed that the exchanged reachability information is correct. In other words, the ASes that originate a network prefix are supposed to be authorized to advertise it. It also means that the announced routing information conforms to the routing policies of the ASes. This assumption no longer holds. We review existing proposals aiming to solve Internet routing security issues and present our contributions. First, we propose a system able to detect and react to illegitimate advertisements. Then, we describe our current work, which focuses on the specification of a collaborative framework between ASes aimed at selecting routes cautiously.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915072_109.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Feki, I. (2006). An Incremental Approach to Enhance the Accuracy of Internet Routing. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4278. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915072_48
DOI: https://doi.org/10.1007/11915072_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48273-4
Online ISBN: 978-3-540-48276-5
eBook Packages: Computer Science, Computer Science (R0)