Protecting BGP Routes to Top Level DNS Servers
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
ACM SIGCOMM Computer Communication Review
An internet routing forensics framework for discovering rules of abnormal BGP events
ACM SIGCOMM Computer Communication Review
Identity-based registry for secure interdomain routing
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Modeling adoptability of secure BGP protocol
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
A study of prefix hijacking and interception in the internet
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
A light-weight distributed scheme for detecting ip prefix hijacks in real-time
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Large-scale testing of the Internet's Border Gateway Protocol (BGP) via topological scale-down
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Autonomous security for autonomous systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
SEM: A Security Evaluation Model for Inter-domain Routing System in the Internet
IPOM '08 Proceedings of the 8th IEEE international workshop on IP Operations and Management
A higher order collective classifier for detecting andclassifying network events
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Analysis of BGP origin as changes among Brazil-related autonomous systems
IPOM'07 Proceedings of the 7th IEEE international conference on IP operations and management
Safeguarding data delivery by decoupling path propagation and adoption
INFOCOM'10 Proceedings of the 29th conference on Information communications
Locating prefix hijackers using LOCK
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
StrobeLight: lightweight availability mapping and anomaly detection
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
A distributed reputation approach to cooperative internet routing protection
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Comparing ingress and egress detection to secure interdomain routing: An experimental analysis
ACM Transactions on Internet Technology (TOIT)
An incremental approach to enhance the accuracy of internet routing
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part II
| Hi-index | 0.00 |
Network measurement has shown that a specific IP address prefix may be announced by more than one autonomous system (AS), a phenomenon commonly referred to as Multiple Origin AS, or MOAS. MOAS can be due to either operational need to support multi-homing, or false route announcements due to configuration or implementation errors, or even by intentional attacks. Packets following such bogus routes will be either dropped or, in the case of an intentional attack, delivered to a machine of the attacker's choosing.This paper presents a protocol enhancement to BGP which enables BGP to detect bogus route announcements from false origins. Rather than imposing cryptography-based authentication and encryption to secure routing message exchanges, our solution makes use of the rich connectivity among ASes that exists in the Internet. Simulation results show that this simple solution can effectively detect false routing announcements even in the presence of multiple compromised routers, become more robust in larger topologies, and can substantially reduce the impact of false routing announcements even with a partial deployment.