Identifying and Addressing Reachability and Policy Attacks in 'Secure' BGP
| Autor: | Arun Venkataramani, Lixin Gao, Yang Song |
|---|---|
| Rok vydání: | 2016 |
| Předmět: |
Router
Routing protocol Computer Networks and Communications Computer science Cryptography 02 engineering and technology Computer security computer.software_genre 0202 electrical engineering electronic engineering information engineering Electrical and Electronic Engineering Authentication business.industry ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS Network mapping 020206 networking & telecommunications Computer Science Applications Distance-vector routing protocol Link-state routing protocol Key (cryptography) Default-free zone 020201 artificial intelligence & image processing The Internet business computer Software Computer network |
| Zdroj: | IEEE/ACM Transactions on Networking. 24:2969-2982 |
| ISSN: | 1558-2566 1063-6692 |
| Popis: | BGP is known to have many security vulnerabilities due to the very nature of its underlying assumptions of trust among independently operated networks. Most prior efforts have focused on attacks that can be addressed using traditional cryptographic techniques to ensure authentication or integrity, e.g., BGPSec and related works. Although augmenting BGP with authentication and integrity mechanisms is critical, they are, by design, far from sufficient to prevent attacks based on manipulating the complex BGP protocol itself. In this paper, we identify two serious attacks on two of the most fundamental goals of BGP—to ensure reachability and to enable ASes to pick routes available to them according to their routing policies—even in the presence of BGPSec-like mechanisms. Our key contributions are to 1 formalize a series of critical security properties, 2 experimentally validate using commodity router implementations that BGP fails to achieve those properties, 3 quantify the extent of these vulnerabilities in the Internet's AS topology, and 4 propose simple modifications to provably ensure that those properties are satisfied. Our experiments show that, using our attacks, a single malicious AS can cause thousands of other ASes to become disconnected from thousands of other ASes for arbitrarily long, while our suggested modifications almost completely eliminate such attacks. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|