On power-law relationships of the Internet topology
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
On inferring autonomous system relationships in the internet
IEEE/ACM Transactions on Networking (TON)
An analysis of BGP multiple origin AS (MOAS) conflicts
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Understanding BGP misconfiguration
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Observation and analysis of BGP behavior under stress
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
BGP routing stability of popular destinations
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Detection of Invalid Routing Announcement in the Internet
DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Modeling adoptability of secure BGP protocols
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Accurate Real-time Identification of IP Prefix Hijacking
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
PHAS: a prefix hijack alert system
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A study of prefix hijacking and interception in the internet
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Protecting BGP routes to top-level DNS servers
IEEE Transactions on Parallel and Distributed Systems
Neighbor-specific BGP: more flexible routing policies while improving global stability
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Probabilistic IP prefix authentication (PIPA) for prefix hijacking
CFI '09 Proceedings of the 4th International Conference on Future Internet Technologies
NetReview: detecting when interdomain routing goes wrong
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Impact of prefix-match changes on IP reachability
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Design for configurability: rethinking interdomain routing policies from the ground up
IEEE Journal on Selected Areas in Communications - Special issue on network infrastructure configuration
Safeguarding data delivery by decoupling path propagation and adoption
INFOCOM'10 Proceedings of the 29th conference on Information communications
How secure are secure interdomain routing protocols
Proceedings of the ACM SIGCOMM 2010 conference
Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Let the market drive deployment: a strategy for transitioning to BGP security
Proceedings of the ACM SIGCOMM 2011 conference
AS-TRUST: a trust quantification scheme for autonomous systems in BGP
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Modeling on quicksand: dealing with the scarcity of ground truth in interdomain routing data
ACM SIGCOMM Computer Communication Review
Auto-learning of SMTP TCP transport-layer features for spam and abusive message detection
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Hi-index | 0.00 |
The Internet's interdomain routing protocol, BGP, supports a complex network of Autonomous Systems which is vulnerable to a number of potentially crippling attacks. Several promising cryptography-based solutions have been proposed, but their adoption has been hindered by the need for community consensus, cooperation in a public key infrastructure (PKI), and a common security protocol. Rather than force centralized control in a distributed network, this paper examines distributed security methods that are amenable to incremental deployment. Typically, such methods are less comprehensive and not provably secure. The paper describes a distributed anomaly detection and response system that provides comparable security to cryptographic methods and has a more plausible adoption path. Specifically, the paper makes the following contributions: (1) it describes pretty good BGP (PGBGP), whose security is comparable (but not identical) to secure origin BGP; (2) it gives theoretical proofs on the effectiveness of PGBGP; (3) it reports simulation experiments on a snapshot of the Internet topology annotated with the business relationships between neighboring networks; (4) it quantifies the impact that known exploits could have on the Internet; and (5) it determines the minimum number of ASes that would have to adopt a distributed security solution to provide global protection against these exploits. Taken together these results explore the boundary between what can be achieved with provably secure centralized security mechanisms for BGP and more distributed approaches that respect the autonomous nature of the Internet.