Authors: Ines Feki (1); Xiaoli Zheng (1); Mohammed Achemlal (1) and Ahmed Serhrouchni (2)
Affiliations: (1) France Telecom R&D, France; (2) Telecom Paris, France
Keyword(s): Internet routing, Security, BGP.
Related Ontology Subjects/Areas/Topics: Data and Systems Security; Information and Systems Security; Security Area Control; Security in Information Systems; Security Requirements
Abstract:
The Internet is composed of thousands of autonomous systems (AS). The Border Gateway Protocol (BGP) is the exterior routing protocol used to exchange network reachability information between the border routers of each AS. The correctness of the information exchanged in BGP messages is crucial to the Internet routing system. Unfortunately, BGP is vulnerable to different attacks that have considerable impacts on the routing system. Network prefix hijacking, where an AS illegitimately originates a prefix, is one of the most important attacks. It allows the attacker to receive traffic destined for the prefix owner. The attacker is then able to blackhole the traffic or to force it to take another path. Proposed solutions rely on public key infrastructures and cryptographic mechanisms to prevent the propagation of incorrect routing information. In practice these approaches involve many parties (Internet Service Providers, Operators, Vendors, and Regional Internet Registries) and are difficult to deploy.
In this paper we formally define routing information correctness, especially the legitimacy of an AS to originate a prefix. We also propose a method to associate with an AS a legitimacy level to originate a prefix. We use Regional Internet Registry databases to initialize the legitimacy level. We also use received announcements and public routing data to update this legitimacy level. Finally, we describe all conceivable reactions to origin AS changes.