Securing Prefixes Against BGP Hijacking in a Cooperative Way
Author:
Affiliation:

Clc Number:

Fund Project:

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    BGP hijacking is one of the most severe threats facing current inter-domain routing system, but yet there still lack effective countermeasures. This paper models AS (autonomous system) level immunity to BGP hijacking as the possibility of the victim AS learning bogus routes via local BGP routing information, and presents the sufficient condition and necessary condition for an AS to be immune in the presence of BGP hijacking, as well as the upper bound of such immunity. Evaluation results show that more than 80% of ASes have no immunity to BGP hijacking at all and only less than 0.26% of ASes have immunity higher than 85%. Further analysis pinpoints the root cause of such low immunity—provider barrier that victim AS' providers prefer customer routes and prevent the propagation of bogus route to the victim. To tackle this barrier and improve AS level immunity against BGP hijacking, this study designs a cooperation based monitoring mechanism, and proposes a lightweight heuristic approach for each participant to select AS cooperators. This proposed mechanism is completely compatible to BGP, and is incrementally deployable. Experimental results show that by peering with only 25 cautiously selected ASes, one AS can significantly improve its immunity to 95%.

    Reference
    Related
    Cited by
Get Citation

王小强,朱培栋,卢锡城.防范路由劫持的协同监测方法.软件学报,2014,25(3):642-661

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:November 04,2011
  • Revised:November 28,2013
  • Adopted:
  • Online: November 28,2013
  • Published:
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063