2014
DOI: 10.1016/j.comnet.2014.05.007
|View full text |Cite
|
Sign up to set email alerts
|

How secure are secure interdomain routing protocols?

Abstract: In response to high-profile Internet outages, BGP security variants have been proposed to prevent the propagation of bogus routing information. To inform discussions of which of these variants should be deployed in the Internet, we quantify the ability of the main protocols (origin authentication, soBGP, S-BGP, and data-plane verification) to blunt trafficattraction attacks; i.e., , an attacker that deliberately attracts traffic to drop, tamper, or eavesdrop on packets.Intuition suggests that an attacker can m… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
87
0

Year Published

2014
2014
2018
2018

Publication Types

Select...
4
2
2

Relationship

2
6

Authors

Journals

citations
Cited by 36 publications
(88 citation statements)
references
References 28 publications
0
87
0
Order By: Relevance
“…Each AS a computes routes to a given destination AS dest based on a ranking of simple (loop-free) routes between itself and the destination, and an export policy, which specifies, for any such route, the set of neighbors to which that route should be announced. We next present a specific model of routing policies that is often used to simulate BGP routing (see, e.g., [4,31,32]). …”
Section: Routing Policiesmentioning
confidence: 99%
“…Each AS a computes routes to a given destination AS dest based on a ranking of simple (loop-free) routes between itself and the destination, and an export policy, which specifies, for any such route, the set of neighbors to which that route should be announced. We next present a specific model of routing policies that is often used to simulate BGP routing (see, e.g., [4,31,32]). …”
Section: Routing Policiesmentioning
confidence: 99%
“…Open Problems. The routing security improvements promised by the RPKI [8,18,29] motivate efforts to harden the RPKI against errors, misconfigurations, and abuse; indeed, concurrently to our work there have been new steps in this direction in the IETF [7,16,25]. There are a number of issues to address.…”
Section: Conclusion and Open Problemsmentioning
confidence: 99%
“…Moreover, almost all of the routing attacks seen in the wild (e.g., [13,32,40]) could be prevented if Internet routers dropped routes that the RPKI deems invalid; dropping RPKI-invalid routes is also surprisingly effective against more advanced routing attacks, even those that the RPKI was not designed to prevent [18,29].…”
Section: Introductionmentioning
confidence: 99%
“…Again with an exclusive focus on security rather than traffic economics, [9] concludes that filtering is ineffective and that S-BGP is too heavy to get deployed. Goldberg et al [8] study robustness of S-BGP and other secure routing protocols to traffic attraction. [8] argues that the secure routing protocols fail to neutralize traffic attraction and need to be supplemented with defensive filtering.…”
Section: N Impact On Path Lengthsmentioning
confidence: 99%
“…Goldberg et al [8] study robustness of S-BGP and other secure routing protocols to traffic attraction. [8] argues that the secure routing protocols fail to neutralize traffic attraction and need to be supplemented with defensive filtering.…”
Section: N Impact On Path Lengthsmentioning
confidence: 99%