Preventing Attacks on BGP Policies: One Bit is Enough

Thumbnail Image
Files
GT-CS-11-07.pdf (443.19 KB)
Author(s)
Sundaresan, Srikanth
Lychev, Robert
Valancius, Vytautas
Advisor(s)
Editor(s)
Associated Organization(s)
Organizational Unit
Organizational Unit
School of Computer Science
School established in 2007
Series
Series
Series
Collections
Research Publications
Supplementary to:
Permanent Link
http://hdl.handle.net/1853/38920
Abstract
The Internet is comprised of many autonomous systems (AS) managed by independent entities that use the Border Gateway Protocol (BGP) to route their traffic. Although it is the de facto standard for establishing paths across the Internet, BGP is not a secure protocol and the Internet infrastructure often experiences attacks, such as prefix hijacking and attribute mangling, incurring great costs to ASes that experience them. Various solutions have been proposed in response to these attacks, such as Secure BGP, but they do not address traffic attraction attacks that stem from export policy violations. In these attacks, malicious ASes can introduce paths that are legitimate from the protocol standpoint and yet malicious to the users of that protocol. Although these attacks have been studied before, no solution has yet been proposed. In this paper, we thoroughly characterize this set of attacks and propose a very lightweight and effective scheme to address them. Our scheme requires no manual configuration. We show that even if only a small fraction of ASes deploy our scheme, the amount of possible attacks reduces by on order of magnitude.
Sponsor
Date
2011
Extent
Resource Type
Text
Resource Subtype
Technical Report
Rights Statement
Rights URI