Skip to main content
Springer Nature Link
Log in

SEM: A Security Evaluation Model for Inter-domain Routing System in the Internet

  • Conference paper
IP Operations and Management (IPOM 2008)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 5275))

Included in the following conference series:

  • 321 Accesses

Abstract

Since the lack of necessary security mechanisms, the Internet’s inter-domain routing system, mainly based on the Border Gateway Protocol (BGP), inevitably faces with serious security threats. Although there are many researches focus on the security of inter-domain routing and BGP, few people have quantified the routing security of the current BGP system effectively. Moreover, Internet operators do need useful information to judge security threats of their autonomous systems (ASes) and BGP routers. In this paper, we propose a security evaluation model, SEM, to assess security threats of the routing system. The basic idea of SEM is simple, namely, the security status of the whole system rests with its parts’. In addition, we quantify security threats status of the routing information from RouteViews using our model. The experimental results show that the model can provide intuitive security threat indices for BGP routers, various ASes and the BGP system respectively, and further more, it can provide valuable, intuitional curve for Internet operators.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Yannuzzi, M., Masip-Bruin, X., Bonaventure, O.: Open Issues in Interdomain Routing: A Survey. IEEE NETWORK 19, 49–56 (2005)

    Article  Google Scholar 

  2. Christian, B., Tauber, T.: BGP Security Requirements. Internet-Draft: IETF (2006)

    Google Scholar 

  3. Butler, K., Farley, T., Rexford, J.: A Survey of BGP Security (2005), http://www.patrickmcdaniel.org/pubs/td-5ugj33.pdf

  4. Nordström, O., Dovrolis, C.: Beware of BGP Attacks. ACM SIGCOMM Computer Communications Review 34, 1–8 (2004)

    Article  Google Scholar 

  5. Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications, Special Issue on Network Security 18, 582–592 (2000)

    Google Scholar 

  6. White, R.: Securing BGP Through Secure Origin BGP. IPJ 6, 15–22 (2003)

    Google Scholar 

  7. Wan, T., Kranakis, E., Oorschot, P.v.: Pretty Secure BGP (psBGP). In: ISOC. San Diego, CA, USA (2005)

    Google Scholar 

  8. Routing protocols security working group, http://www.rpsec.org

  9. Popescu, A.C., Premore, B.J., Underwood, T.: Anatomy of a leak: As9121, http://www.nanog.org/mtg-0505/underwood.html

  10. Gradus tool, http://gradus.renesys.com

  11. Lad, M., Massey, D., Pei, D.: PHAS: A Prefix Hijack Alert System. In: Proceedings of 15th USENIX Security Symposium, pp. 153–166 (2006)

    Google Scholar 

  12. Ripe myasn system, http://www.ris.ripe.net/myasn.html

  13. Meyer, D.: Route Views Project, http://www.routeviews.org

  14. Feamster, N., Jung, J., Balakrishnan, H.: An Empirical Study of Bogon Route Advertisements. ACM SIGCOMM CCR 35, 63–71 (2005)

    Article  Google Scholar 

  15. Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Topology-based Detection of Anomalous BGP Messages. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 17–35. Springer, Heidelberg (2003)

    Google Scholar 

  16. Zhao, X., Pei, D., Wang, L., Massey, D., Mankin, A., Wu, S.F., Zhang, L.: Detection of Invalid Routing Announcement in the Internet. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN) (2002)

    Google Scholar 

  17. Bush, R.: Validation of Received Routes. In: NANOG (2000)

    Google Scholar 

  18. Rekhter, Y., Li, T., Hares, S.: A Border Gateway Protocol 4 (BGP-4), RFC 4271

    Google Scholar 

  19. Liu, X., Zhu, P.: A Rules-Based Approach to Anomaly Detection in Inter-domain Routing System. Journal of National University of Defense Technology 28, 71–76 (2006)

    Google Scholar 

  20. Wang, C., Wulf, W.A.: Towards a framework for security measurement. In: 20th National Information Systems Security Conference, Baltimore (1997)

    Google Scholar 

  21. Chen, X., Zheng, Q., Guan, X., Lin, C.: Quantitative Hierarchical Threat Evaluation Model for Network Security. Journal of Software 17, 885–897 (2006)

    Article  MATH  Google Scholar 

  22. Zhang, B., Liu, R., Massey, D., Zhang, L.: Collecting the Internet AS-level Topology. ACM SIGCOMM CCR, special issue on Internet Vital Statistics (2005)

    Google Scholar 

  23. Spring, N., Mahajan, R., Wetherall, D., Anderson, T.: Measuring ISP topologies with Rocketfuel. IEEE/ACM Trans. on Networking 12, 2–16 (2004)

    Article  Google Scholar 

  24. Mao, Z.M., Rexford, J., Wang, J., Katz, R.H.: Towards an Accurate As-Level Traceroute Tool. In: SIGCOMM 2003, Karlsruhe, Germany, pp. 365–378 (2003)

    Google Scholar 

  25. Subramanian, L.: Listen and whisper: Security mechanisms for BGP. In: First Symposium on Networked Systems Design and Implementation (NSDI 2004) (2004)

    Google Scholar 

  26. Wang, L., Zhao, X., Pei, D., Bush, R., Massey, D., Mankin, A., Wu, S., Zhang, L.: Protecting BGP Routes to Top Level DNS Servers. In: ICDCS (2003)

    Google Scholar 

  27. Karlin, J., Forrest, S., Rexford, J.: Pretty good bgp: Protecting bgp by cautiously selecting routes, University of New Mexico (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer, National University of Defense Technology, Changsha, 410073, China

    Xin Liu, Peidong Zhu & Yuxing Peng

Authors
  1. Xin Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Peidong Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuxing Peng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Electrical and Electronics Engineering Department, Bilkent University, 06800, Ankara, Turkey

    Nail Akar

  2. Institute of Telecommunications,, Warsaw University of Technology,, 00-661, Warsaw, Poland

    Michal Pioro

  3. Department of Information and Communications Systems Engineering, University of the Aegean, 811 00, Lesvos, Mytilene, Greece

    Charalabos Skianis

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, X., Zhu, P., Peng, Y. (2008). SEM: A Security Evaluation Model for Inter-domain Routing System in the Internet. In: Akar, N., Pioro, M., Skianis, C. (eds) IP Operations and Management. IPOM 2008. Lecture Notes in Computer Science, vol 5275. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87357-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-87357-0_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-87356-3

  • Online ISBN: 978-3-540-87357-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics