-
[show abstract]
[hide abstract]
ABSTRACT: The Internet routing system plays an essential role of gluing together tens of thousands of individual networks to create a global data delivery substrate. Over the years many efforts have been devoted to securing the routing system and a plethora of solutions have been proposed. Yet none of the solutions has seen wide adoption in the operational Internet and the routing system security remains a serious concern. In this paper we articulate the fundamental challenges in rolling out new security solutions to the global routing system by categorizing the various proposed solutions into a few classes and identifying the difficulties and remaining issues in deploying each class of solutions. Our examination of the solution space shows that monitoring is an essential component in securing the routing system, and that the "detect and react'' class of solutions have the lowest hurdle in deployment and thus are most readily acceptable by the network operational community.
Applications and the Internet, 2009. SAINT '09. Ninth Annual International Symposium on; 08/2009
-
[show abstract]
[hide abstract]
ABSTRACT: The global Internet routing infrastructure is a large and complex distributed system where routing changes occur constantly. Our objective in this paper is to develop a simple and effective inference solution that can identify the AS or inter-AS link failures that trigger large scale routing changes in near realtime. We achieve this goal through a novel approach based on link weights. We measure the weight of each inter-AS link by the number of routes carried over that link, and keep track of its expected value and variance. We then correlate the weight changes of adjacent links and use a min-cut heuristic to find candidates for the origin of change. This work makes three contributions. First, we keep track of link weights rather than the routes of individual prefixes and thus our analysis is based on an aggregate view. Second, we use expected value and mean deviation of the link weights to identify routing events and distinguish route changes caused by failures from those by recoveries. Finally we use a min-cut heuristic based on the classification of routing events to accurately identify the AS or inter-AS link most likely responsible for the observed route changes. We verified our design using BGP data collected from operational Internet. Our efficient and accurate routing diagnosis solution can greatly help us gain better understanding of the dynamics in the operational Internet.
Network Protocols, 2007. ICNP 2007. IEEE International Conference on; 11/2007
-
[show abstract]
[hide abstract]
ABSTRACT: In this paper we propose a new routing protocol and address scheme, geographically informed inter-domain routing (GIRO). GIRO departs from previous geographic addressing proposals in that it uses geographic information to assist, not to replace, the provider-based IP address allocation and policy-based routing. We show that, by incorporating geographic information into the IP address structure, GIRO can significantly improve the scalability and performance of the global Internet routing system. Within the routing policy constraints, geographic information enables the selection of shortest available routing paths. We evaluate GIRO'S performance through simulations using a Rocketfuel-measured Internet topology. Our results show that, compared to the current practice, GIRO can reduce the geographic distance for 70% of the existing BGP paths, and the reduction is more than 40% for about 20% of the paths. Furthermore, encoding geographic information into IP addresses also enables GIRO to apply geographical route aggregation, and a combination of geographic and topological aggregation can lead to 75% reduction of the current BGP routing table size.
Network Protocols, 2007. ICNP 2007. IEEE International Conference on; 11/2007
-
[show abstract]
[hide abstract]
ABSTRACT: A prefix hijack attack involves an attacker announcing victim networks' IP prefixes into the global routing system. As a result, data traffic from portions of the Internet can be diverted to attacker networks. Prefix hijack attacks are a serious security threat in the Internet and it is important to understand the factors that affect the resiliency of victim networks against these attacks. In this paper, we conducted a systematic study to gauge the effectiveness of prefix hijacks launched at different locations in the Internet topology. Our study shows that direct customers of multiple tier-1 networks are the most resilient, even more than the tier-1 networks themselves. Conversely, if these customer networks are used to launch prefix hijacks, they would also be the most effective launching pads for attacks. We verified our results through case studies using real prefix hijack incidents that had occurred in the Internet.
Dependable Systems and Networks, 2007. DSN '07. 37th Annual IEEE/IFIP International Conference on; 07/2007
