INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS

Ines Feki, Xiaoli Zheng, Mohammed Achemlal, Ahmed Serhrouchni

2006

Abstract

The Internet is composed of thousands of autonomous systems (AS). The Border Gateway Protocol (BGP) is the exterior routing protocol used to exchange network reachability information between the border routers of each AS. The correctness of the information exchanged in BGP messages is crucial to the Internet routing system. Unfortunately, BGP is vulnerable to different attacks that have considerable impacts on the routing system. Network prefix hijacking, where an AS illegitimately originates a prefix, is one of the most important attacks. It allows the attacker to receive traffic destined for the prefix owner. The attacker is then able to blackhole the traffic or to force it to take another path. Proposed solutions rely on public key infrastructures and cryptographic mechanisms to prevent the propagation of incorrect routing information. In practice, these approaches involve many parties (Internet Service Providers, Operators, Vendors, and Regional Internet Registries) and are difficult to deploy. In this paper we formally define routing information correctness, especially the legitimacy of an AS to originate a prefix. We also propose a method to associate with an AS a legitimacy level to originate a prefix. We use Regional Internet Registry databases to initialize the legitimacy level. We also use received announcements and public routing data to update this legitimacy level. Finally, we describe all conceivable reactions to origin AS changes.


Paper Citation


in Harvard Style

Feki I., Zheng X., Achemlal M. and Serhrouchni A. (2006). INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 110-117. DOI: 10.5220/0002104201100117

in Bibtex Style

@conference{secrypt06,
author={Ines Feki and Xiaoli Zheng and Mohammed Achemlal and Ahmed Serhrouchni},
title={INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={110-117},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002104201100117},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS
SN - 978-972-8865-63-4
AU - Feki I.
AU - Zheng X.
AU - Achemlal M.
AU - Serhrouchni A.
PY - 2006
SP - 110
EP - 117
DO - 10.5220/0002104201100117