research-article

Free Access

Jumpstarting BGP Security with Path-End Validation

Authors:
Avichai Cohen

Hebrew University

Hebrew University
View Profile

,
Yossi Gilad

Boston University and MIT

Boston University and MIT
View Profile

,
Amir Herzberg

Bar Ilan University

Bar Ilan University
View Profile

,
Michael Schapira

Hebrew University

Hebrew University
View Profile

SIGCOMM '16: Proceedings of the 2016 ACM SIGCOMM ConferenceAugust 2016Pages 342–355https://doi.org/10.1145/2934872.2934883

Published:22 August 2016Publication History

SIGCOMM '16: Proceedings of the 2016 ACM SIGCOMM Conference

Pages 342–355

ABSTRACT

Extensive standardization and R&D efforts are dedicated to establishing secure interdomain routing. These efforts focus on two mechanisms: origin authentication with RPKI, and path validation with BGPsec. However, while RPKI is finally gaining traction, the adoption of BGPsec seems not even on the horizon due to inherent, possibly insurmountable, obstacles, including the need to replace today's routing infrastructure, the overhead of online cryptography, and meagre benefits in partial deployment. Consequently, secure interdomain routing remains a distant dream. We propose an easily deployable, modest extension to RPKI, called ``path-end validation'', which does not entail replacing/upgrading today's BGP routers nor online cryptographic operations. We show, through rigorous security analyses and extensive simulations on empirically-derived datasets, that path-end validation yields significant security benefits even in very limited partial adoption. We present an open-source, readily deployable prototype implementation of path-end validation.

Supplemental Material

p342.mp4

mp4

365.9 MB

Download

References

1.Hijack Event Today by Indosat. BGPmon.Google Scholar
2.New Threat: Targeted Internet Traffic Misdirection. Renesys blog.Google Scholar
3.Routing Hiccup Briefly takes Google Down Worldwide. Thousand Eyes blog.Google Scholar
4.Spotify Route Leak. Thousand Eyes blog.Google Scholar
5.Turkey Hijacking IP addresses for popular Global DNS providers. BGPmon.Google Scholar
6.Pakistan Hijacks YouTube. Renesys Blog, Feb. 2008.Google Scholar
7.BGP Routing Incidents in 2014, Malicious or Not? http://www.bgpmon.net/bgp-routing-incidents-in-2014-malicious-or-not, 2015. BGPMon.Google Scholar
8.CAIDA AS Relationships Dataset. http://www.caida.org/data/as-relationships/, Jan. 2016.Google Scholar
9.Andree Toonk. BGP Hijack Incident by Syrian Telecomunications Establishment. BGPmon, 2015.Google Scholar
10.H. Ballani, P. Francis, and X. Zhang. A Study of Prefix Hijacking and Interception in the Internet. In proc. of ACM SIGCOMM, pages 265–276, 2007. Google ScholarDigital Library
11.S. Bellovin, R. Bush, and D. Ward. Security Requirements for BGP Path Validation. RFC 7353 (Informational), Aug. 2014.Google Scholar
12.R. Bush and R. Austein. The Resource Public Key Infrastructure (RPKI) to Router Protocol. RFC 6810 (Proposed Standard), Jan. 2013.Google Scholar
13.K. R. B. Butler, T. R. Farley, P. McDaniel, and J. Rexford. A Survey of BGP Security Issues and Solutions. proc. of the IEEE, 98(1):100–122, 2010.Google ScholarCross Ref
14.H. Chan, D. Dash, A. Perrig, and H. Z. 0001. Modeling Adoptability of Secure BGP Protocols. In L. Rizzo, T. E. Anderson, and N. McKeown, editors, SIGCOMM, pages 279–290. ACM, 2006. Google ScholarDigital Library
15.A. Cohen, Y. Gilad, A. Herzberg, and M. Schapira. One Hop for RPKI, One Giant Leap for BGP Security. In J. de Oliveira, J. Smith, K. J. Argyraki, and P. Levis, editors, HotNets, pages 10:1–10:7. ACM, 2015. Google ScholarDigital Library
16.T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), Aug. 2008. Updated by RFCs 5746, 5878, 6176, 7465, 7507, 7568, 7627, 7685.Google Scholar
17.L. Gao and J. Rexford. Stable Internet Routing without Global Coordination. IEEE/ACM Transactions on Networking, 9(6):681–692, 2001. Google ScholarDigital Library
18.P. Gill, M. Schapira, and S. Goldberg. Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security. In SIGCOMM, pages 14–25, 2011. Google ScholarDigital Library
19.P. Gill, M. Schapira, and S. Goldberg. Modeling on Quicksand: Dealing with the Scarcity of Ground Truth in Interdomain Routing Data. Computer Communication Review, 42(1):40–46, 2012. Google ScholarDigital Library
20.V. Giotsas, S. Zhou, M. J. Luckie, and kc claffy. Inferring Multilateral Peering. In K. C. Almeroth, L. Mathy, K. Papagiannaki, and V. Misra, editors, CoNEXT, pages 247–258. ACM, 2013. Google ScholarDigital Library
21.S. Goldberg. Why is it Taking so Long to Secure Internet Routing? Commun. ACM, 57(10):56–63, 2014. Google ScholarDigital Library
22.S. Goldberg, M. Schapira, P. Hummon, and J. Rexford. How Secure are Secure Interdomain Routing Protocols. In SIGCOMM, pages 87–98, 2010. Google ScholarDigital Library
23.S. Goldberg, M. Schapira, P. Hummon, and J. Rexford. How Secure are Secure Interdomain Routing Protocols? Computer Networks, 70:260–287, 2014. Google ScholarDigital Library
24.G. Huston, R. Loomans, and G. Michaelson. A Profile for Resource Certificate Repository Structure. RFC 6481 (Proposed Standard), Feb. 2012.Google Scholar
25.J. Karlin, S. Forrest, and J. Rexford. Pretty Good BGP: Improving BGP by Cautiously Adopting Routes. In ICNP, pages 290–299. IEEE Computer Society, 2006. Google ScholarDigital Library
26.S. Kent and K. Seo. Security Architecture for the Internet Protocol. RFC 4301 (Proposed Standard), Dec. 2005. Updated by RFCs 6040, 7619.Google Scholar
27.S. T. Kent, C. Lynn, and K. Seo. Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 18(4):582–592, 2000. Google ScholarDigital Library
28.N. Kephart. Route Leak Causes Amazon and AWS Outage. Thousand Eyes blog, 2015.Google Scholar
29.X. Lee, X. Liu, Z. Yan, G. Geng, and Y. Fu. RPKI Deployment Considerations: Problem Analysis and Alternative Solutions. Internet Draft, Jan. 2016.Google Scholar
30.M. Lepinski and S. Kent. An Infrastructure to Support Secure Internet Routing. RFC 6480 (Informational), Feb. 2012.Google Scholar
31.J. Li, T. Ehrenkranz, and P. Elliott. Buddyguard: A Buddy System for Fast and Reliable Detection of IP Prefix Anomalies. In ICNP, pages 1–10. IEEE, 2012. Google ScholarDigital Library
32.R. Lychev, S. Goldberg, and M. Schapira. Brief Announcement: Network-Destabilizing Attacks. In D. Kowalski and A. Panconesi, editors, PODC, pages 331–332. ACM, 2012. Google ScholarDigital Library
33.R. Lychev, S. Goldberg, and M. Schapira. BGP Security in Partial Deployment: Is the Juice worth the Squeeze? In SIGCOMM, pages 171–182. ACM, 2013. Google ScholarDigital Library
34.E. M. Lepinski. BGPsec Protocol Specification. RFC 1, Oct. 2014.Google Scholar
35.Mirjam Kuhne. AS Path Lengths Over Time. https://labs.ripe.net/Members/mirjam/update-on-as-path-lengths-over-time, 2012.Google Scholar
36.P. Mohapatra, J. Scudder, D. Ward, R. Bush, and R. Austein. BGP Prefix Origin Validation. RFC 6811 (Proposed Standard), Jan. 2013.Google Scholar
37.NIST. RPKI Monitor. http://rpki-monitor.antd.nist.gov/, 2016.Google Scholar
38.Russ White. Rethinking Path Validation. NANOG 66, Feb. 2016.Google Scholar
39.Russ White. Rethinking Path Validation: Pt. 1, New Requirements. LinkedIn Engineering Blog, https://engineering.linkedin.com/blog/2016/03/rethinking-path-valid-pt1, Mar. 2016.Google Scholar
40.Russ White. Rethinking Path Validation: Pt. 2. LinkedIn Engineering Blog, https://engineering.linkedin.com/blog/2016/03/rethinking-path-validation--pt--2, Mar. 2016.Google Scholar
41.K. Sriram. BGPSEC Design Choices and Summary of Supporting Discussions. Internet draft, https://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-08, July 2015.Google Scholar
42.K. Sriram, D. Montgomery, B. Dickson, K. Patel, and A. Robachevsky. Routing Hiccup Briefly takes Google Down Worldwide. Internet Draft.Google Scholar
43.R. Steenbergen. PeeringDB. http://www.peeringdb.com/, July 2015.Google Scholar
44.P. C. van Oorschot, T. Wan, and E. Kranakis. On Interdomain Routing Security and Pretty Secure BGP (psBGP). ACM Trans. Inf. Syst. Secur, 10(3), 2007. Google ScholarDigital Library
45.R. White. Deployment Considerations for Secure Origin BGP (soBGP), June 2003.Google Scholar
46.K. Zhang, A. Yen, X. Zhao, D. Massey, S. F. Wu, and L. Z. 0001. On Detection of Anomalous Routing Dynamics in BGP. In NETWORKING, volume 3042 of LNCS, pages 259–270. Springer, 2004.Google Scholar

Index Terms

Jumpstarting BGP Security with Path-End Validation
1. Security and privacy
  1. Network security

Recommendations

RPKI vs ROVER: comparing the risks of BGP security solutions
SIGCOMM '14: Proceedings of the 2014 ACM conference on SIGCOMM

BGP, the Internet's interdomain routing protocol, is highly vulnerable to routing failures that result from unintentional misconfigurations or deliberate attacks. To defend against these failures, recent years have seen the adoption of the Resource ...
Read More
Poster: Taking the Low Road: How RPKI Invalids Propagate
ACM SIGCOMM '23: Proceedings of the ACM SIGCOMM 2023 Conference

The Border Gateway Protocol (BGP) includes no mechanism to verify the correctness of routing information exchanged between networks. To defend against unauthorized use of address space, the IETF developed the Resource Public Key Infrastructure (RPKI), a ...
Read More
RFC 6916: Algorithm Agility Procedure for the Resource Public Key Infrastructure (RPKI)
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGCOMM '16: Proceedings of the 2016 ACM SIGCOMM Conference
August 2016
645 pages
ISBN:9781450341936
DOI:10.1145/2934872
General Chairs:
Marinho Barcellos
UFRGS
,
Jon Crowcroft
University of Cambridge
,
Program Chairs:
Amin Vahdat
Google
,
Sachin Katti
Stanford University
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 August 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
BGP security
RPKI
Routing security
Qualifiers
- research-article
Conference

Acceptance Rates
SIGCOMM '16 Paper Acceptance Rate39of231submissions,17%Overall Acceptance Rate554of3,547submissions,16%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 30
  Total Citations
  View Citations
- 2,207
  Total Downloads
- Downloads (Last 12 months)240
- Downloads (Last 6 weeks)44
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Jumpstarting BGP Security with Path-End Validation

SIGCOMM '16: Proceedings of the 2016 ACM SIGCOMM Conference

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

RPKI vs ROVER: comparing the risks of BGP security solutions

Poster: Taking the Low Road: How RPKI Invalids Propagate

RFC 6916: Algorithm Agility Procedure for the Resource Public Key Infrastructure (RPKI)