ABSTRACT
Extensive standardization and R&D efforts are dedicated to establishing secure interdomain routing. These efforts focus on two mechanisms: origin authentication with RPKI, and path validation with BGPsec. However, while RPKI is finally gaining traction, the adoption of BGPsec seems not even on the horizon due to inherent, possibly insurmountable, obstacles, including the need to replace today's routing infrastructure, the overhead of online cryptography, and meagre benefits in partial deployment. Consequently, secure interdomain routing remains a distant dream. We propose an easily deployable, modest extension to RPKI, called ``path-end validation'', which does not entail replacing/upgrading today's BGP routers nor online cryptographic operations. We show, through rigorous security analyses and extensive simulations on empirically-derived datasets, that path-end validation yields significant security benefits even in very limited partial adoption. We present an open-source, readily deployable prototype implementation of path-end validation.
Supplemental Material
- 1.Hijack Event Today by Indosat. BGPmon.Google Scholar
- 2.New Threat: Targeted Internet Traffic Misdirection. Renesys blog.Google Scholar
- 3.Routing Hiccup Briefly takes Google Down Worldwide. Thousand Eyes blog.Google Scholar
- 4.Spotify Route Leak. Thousand Eyes blog.Google Scholar
- 5.Turkey Hijacking IP addresses for popular Global DNS providers. BGPmon.Google Scholar
- 6.Pakistan Hijacks YouTube. Renesys Blog, Feb. 2008.Google Scholar
- 7.BGP Routing Incidents in 2014, Malicious or Not? http://www.bgpmon.net/bgp-routing-incidents-in-2014-malicious-or-not, 2015. BGPMon.Google Scholar
- 8.CAIDA AS Relationships Dataset. http://www.caida.org/data/as-relationships/, Jan. 2016.Google Scholar
- 9.Andree Toonk. BGP Hijack Incident by Syrian Telecomunications Establishment. BGPmon, 2015.Google Scholar
- 10.H. Ballani, P. Francis, and X. Zhang. A Study of Prefix Hijacking and Interception in the Internet. In proc. of ACM SIGCOMM, pages 265–276, 2007. Google ScholarDigital Library
- 11.S. Bellovin, R. Bush, and D. Ward. Security Requirements for BGP Path Validation. RFC 7353 (Informational), Aug. 2014.Google Scholar
- 12.R. Bush and R. Austein. The Resource Public Key Infrastructure (RPKI) to Router Protocol. RFC 6810 (Proposed Standard), Jan. 2013.Google Scholar
- 13.K. R. B. Butler, T. R. Farley, P. McDaniel, and J. Rexford. A Survey of BGP Security Issues and Solutions. proc. of the IEEE, 98(1):100–122, 2010.Google ScholarCross Ref
- 14.H. Chan, D. Dash, A. Perrig, and H. Z. 0001. Modeling Adoptability of Secure BGP Protocols. In L. Rizzo, T. E. Anderson, and N. McKeown, editors, SIGCOMM, pages 279–290. ACM, 2006. Google ScholarDigital Library
- 15.A. Cohen, Y. Gilad, A. Herzberg, and M. Schapira. One Hop for RPKI, One Giant Leap for BGP Security. In J. de Oliveira, J. Smith, K. J. Argyraki, and P. Levis, editors, HotNets, pages 10:1–10:7. ACM, 2015. Google ScholarDigital Library
- 16.T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), Aug. 2008. Updated by RFCs 5746, 5878, 6176, 7465, 7507, 7568, 7627, 7685.Google Scholar
- 17.L. Gao and J. Rexford. Stable Internet Routing without Global Coordination. IEEE/ACM Transactions on Networking, 9(6):681–692, 2001. Google ScholarDigital Library
- 18.P. Gill, M. Schapira, and S. Goldberg. Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security. In SIGCOMM, pages 14–25, 2011. Google ScholarDigital Library
- 19.P. Gill, M. Schapira, and S. Goldberg. Modeling on Quicksand: Dealing with the Scarcity of Ground Truth in Interdomain Routing Data. Computer Communication Review, 42(1):40–46, 2012. Google ScholarDigital Library
- 20.V. Giotsas, S. Zhou, M. J. Luckie, and kc claffy. Inferring Multilateral Peering. In K. C. Almeroth, L. Mathy, K. Papagiannaki, and V. Misra, editors, CoNEXT, pages 247–258. ACM, 2013. Google ScholarDigital Library
- 21.S. Goldberg. Why is it Taking so Long to Secure Internet Routing? Commun. ACM, 57(10):56–63, 2014. Google ScholarDigital Library
- 22.S. Goldberg, M. Schapira, P. Hummon, and J. Rexford. How Secure are Secure Interdomain Routing Protocols. In SIGCOMM, pages 87–98, 2010. Google ScholarDigital Library
- 23.S. Goldberg, M. Schapira, P. Hummon, and J. Rexford. How Secure are Secure Interdomain Routing Protocols? Computer Networks, 70:260–287, 2014. Google ScholarDigital Library
- 24.G. Huston, R. Loomans, and G. Michaelson. A Profile for Resource Certificate Repository Structure. RFC 6481 (Proposed Standard), Feb. 2012.Google Scholar
- 25.J. Karlin, S. Forrest, and J. Rexford. Pretty Good BGP: Improving BGP by Cautiously Adopting Routes. In ICNP, pages 290–299. IEEE Computer Society, 2006. Google ScholarDigital Library
- 26.S. Kent and K. Seo. Security Architecture for the Internet Protocol. RFC 4301 (Proposed Standard), Dec. 2005. Updated by RFCs 6040, 7619.Google Scholar
- 27.S. T. Kent, C. Lynn, and K. Seo. Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 18(4):582–592, 2000. Google ScholarDigital Library
- 28.N. Kephart. Route Leak Causes Amazon and AWS Outage. Thousand Eyes blog, 2015.Google Scholar
- 29.X. Lee, X. Liu, Z. Yan, G. Geng, and Y. Fu. RPKI Deployment Considerations: Problem Analysis and Alternative Solutions. Internet Draft, Jan. 2016.Google Scholar
- 30.M. Lepinski and S. Kent. An Infrastructure to Support Secure Internet Routing. RFC 6480 (Informational), Feb. 2012.Google Scholar
- 31.J. Li, T. Ehrenkranz, and P. Elliott. Buddyguard: A Buddy System for Fast and Reliable Detection of IP Prefix Anomalies. In ICNP, pages 1–10. IEEE, 2012. Google ScholarDigital Library
- 32.R. Lychev, S. Goldberg, and M. Schapira. Brief Announcement: Network-Destabilizing Attacks. In D. Kowalski and A. Panconesi, editors, PODC, pages 331–332. ACM, 2012. Google ScholarDigital Library
- 33.R. Lychev, S. Goldberg, and M. Schapira. BGP Security in Partial Deployment: Is the Juice worth the Squeeze? In SIGCOMM, pages 171–182. ACM, 2013. Google ScholarDigital Library
- 34.E. M. Lepinski. BGPsec Protocol Specification. RFC 1, Oct. 2014.Google Scholar
- 35.Mirjam Kuhne. AS Path Lengths Over Time. https://labs.ripe.net/Members/mirjam/update-on-as-path-lengths-over-time, 2012.Google Scholar
- 36.P. Mohapatra, J. Scudder, D. Ward, R. Bush, and R. Austein. BGP Prefix Origin Validation. RFC 6811 (Proposed Standard), Jan. 2013.Google Scholar
- 37.NIST. RPKI Monitor. http://rpki-monitor.antd.nist.gov/, 2016.Google Scholar
- 38.Russ White. Rethinking Path Validation. NANOG 66, Feb. 2016.Google Scholar
- 39.Russ White. Rethinking Path Validation: Pt. 1, New Requirements. LinkedIn Engineering Blog, https://engineering.linkedin.com/blog/2016/03/rethinking-path-valid-pt1, Mar. 2016.Google Scholar
- 40.Russ White. Rethinking Path Validation: Pt. 2. LinkedIn Engineering Blog, https://engineering.linkedin.com/blog/2016/03/rethinking-path-validation--pt--2, Mar. 2016.Google Scholar
- 41.K. Sriram. BGPSEC Design Choices and Summary of Supporting Discussions. Internet draft, https://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-08, July 2015.Google Scholar
- 42.K. Sriram, D. Montgomery, B. Dickson, K. Patel, and A. Robachevsky. Routing Hiccup Briefly takes Google Down Worldwide. Internet Draft.Google Scholar
- 43.R. Steenbergen. PeeringDB. http://www.peeringdb.com/, July 2015.Google Scholar
- 44.P. C. van Oorschot, T. Wan, and E. Kranakis. On Interdomain Routing Security and Pretty Secure BGP (psBGP). ACM Trans. Inf. Syst. Secur, 10(3), 2007. Google ScholarDigital Library
- 45.R. White. Deployment Considerations for Secure Origin BGP (soBGP), June 2003.Google Scholar
- 46.K. Zhang, A. Yen, X. Zhao, D. Massey, S. F. Wu, and L. Z. 0001. On Detection of Anomalous Routing Dynamics in BGP. In NETWORKING, volume 3042 of LNCS, pages 259–270. Springer, 2004.Google Scholar
Index Terms
- Jumpstarting BGP Security with Path-End Validation
Recommendations
RPKI vs ROVER: comparing the risks of BGP security solutions
SIGCOMM '14: Proceedings of the 2014 ACM conference on SIGCOMMBGP, the Internet's interdomain routing protocol, is highly vulnerable to routing failures that result from unintentional misconfigurations or deliberate attacks. To defend against these failures, recent years have seen the adoption of the Resource ...
Poster: Taking the Low Road: How RPKI Invalids Propagate
ACM SIGCOMM '23: Proceedings of the ACM SIGCOMM 2023 ConferenceThe Border Gateway Protocol (BGP) includes no mechanism to verify the correctness of routing information exchanged between networks. To defend against unauthorized use of address space, the IETF developed the Resource Public Key Infrastructure (RPKI), a ...
Comments