Abstract
Since the lack of necessary security mechanisms, the Internet’s inter-domain routing system, mainly based on the Border Gateway Protocol (BGP), inevitably faces with serious security threats. Although there are many researches focus on the security of inter-domain routing and BGP, few people have quantified the routing security of the current BGP system effectively. Moreover, Internet operators do need useful information to judge security threats of their autonomous systems (ASes) and BGP routers. In this paper, we propose a security evaluation model, SEM, to assess security threats of the routing system. The basic idea of SEM is simple, namely, the security status of the whole system rests with its parts’. In addition, we quantify security threats status of the routing information from RouteViews using our model. The experimental results show that the model can provide intuitive security threat indices for BGP routers, various ASes and the BGP system respectively, and further more, it can provide valuable, intuitional curve for Internet operators.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Yannuzzi, M., Masip-Bruin, X., Bonaventure, O.: Open Issues in Interdomain Routing: A Survey. IEEE NETWORK 19, 49–56 (2005)
Christian, B., Tauber, T.: BGP Security Requirements. Internet-Draft: IETF (2006)
Butler, K., Farley, T., Rexford, J.: A Survey of BGP Security (2005), http://www.patrickmcdaniel.org/pubs/td-5ugj33.pdf
Nordström, O., Dovrolis, C.: Beware of BGP Attacks. ACM SIGCOMM Computer Communications Review 34, 1–8 (2004)
Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications, Special Issue on Network Security 18, 582–592 (2000)
White, R.: Securing BGP Through Secure Origin BGP. IPJ 6, 15–22 (2003)
Wan, T., Kranakis, E., Oorschot, P.v.: Pretty Secure BGP (psBGP). In: ISOC. San Diego, CA, USA (2005)
Routing protocols security working group, http://www.rpsec.org
Popescu, A.C., Premore, B.J., Underwood, T.: Anatomy of a leak: As9121, http://www.nanog.org/mtg-0505/underwood.html
Gradus tool, http://gradus.renesys.com
Lad, M., Massey, D., Pei, D.: PHAS: A Prefix Hijack Alert System. In: Proceedings of 15th USENIX Security Symposium, pp. 153–166 (2006)
Ripe myasn system, http://www.ris.ripe.net/myasn.html
Meyer, D.: Route Views Project, http://www.routeviews.org
Feamster, N., Jung, J., Balakrishnan, H.: An Empirical Study of Bogon Route Advertisements. ACM SIGCOMM CCR 35, 63–71 (2005)
Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Topology-based Detection of Anomalous BGP Messages. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 17–35. Springer, Heidelberg (2003)
Zhao, X., Pei, D., Wang, L., Massey, D., Mankin, A., Wu, S.F., Zhang, L.: Detection of Invalid Routing Announcement in the Internet. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN) (2002)
Bush, R.: Validation of Received Routes. In: NANOG (2000)
Rekhter, Y., Li, T., Hares, S.: A Border Gateway Protocol 4 (BGP-4), RFC 4271
Liu, X., Zhu, P.: A Rules-Based Approach to Anomaly Detection in Inter-domain Routing System. Journal of National University of Defense Technology 28, 71–76 (2006)
Wang, C., Wulf, W.A.: Towards a framework for security measurement. In: 20th National Information Systems Security Conference, Baltimore (1997)
Chen, X., Zheng, Q., Guan, X., Lin, C.: Quantitative Hierarchical Threat Evaluation Model for Network Security. Journal of Software 17, 885–897 (2006)
Zhang, B., Liu, R., Massey, D., Zhang, L.: Collecting the Internet AS-level Topology. ACM SIGCOMM CCR, special issue on Internet Vital Statistics (2005)
Spring, N., Mahajan, R., Wetherall, D., Anderson, T.: Measuring ISP topologies with Rocketfuel. IEEE/ACM Trans. on Networking 12, 2–16 (2004)
Mao, Z.M., Rexford, J., Wang, J., Katz, R.H.: Towards an Accurate As-Level Traceroute Tool. In: SIGCOMM 2003, Karlsruhe, Germany, pp. 365–378 (2003)
Subramanian, L.: Listen and whisper: Security mechanisms for BGP. In: First Symposium on Networked Systems Design and Implementation (NSDI 2004) (2004)
Wang, L., Zhao, X., Pei, D., Bush, R., Massey, D., Mankin, A., Wu, S., Zhang, L.: Protecting BGP Routes to Top Level DNS Servers. In: ICDCS (2003)
Karlin, J., Forrest, S., Rexford, J.: Pretty good bgp: Protecting bgp by cautiously selecting routes, University of New Mexico (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, X., Zhu, P., Peng, Y. (2008). SEM: A Security Evaluation Model for Inter-domain Routing System in the Internet. In: Akar, N., Pioro, M., Skianis, C. (eds) IP Operations and Management. IPOM 2008. Lecture Notes in Computer Science, vol 5275. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87357-0_12
Download citation
DOI: https://doi.org/10.1007/978-3-540-87357-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-87356-3
Online ISBN: 978-3-540-87357-0
eBook Packages: Computer ScienceComputer Science (R0)