BGP with BGPsec: Attacks and Countermeasures

被引：9

作者：

Li, Qi ^{[1
]}

Liu, Jiajia ^{[2
]}

Hu, Yih-Chun ^{[3
]}

Xu, Mingwei ^{[4
]}

Wu, Jianping ^{[4
]}

机构：

[1] Tsinghua Univ, Grad Sch Shenzhen, Beijing, Peoples R China

[2] Xidian Univ, Sch Cyber Engn, Xian, Shaanxi, Peoples R China

[3] Univ Illinois, Dept Elect & Comp Engn, Urbana, IL USA

[4] Tsinghua Univ, Dept Comp Sci, Xian, Shaanxi, Peoples R China

来源：

IEEE NETWORK | 2019年 / 33卷 / 04期

基金：

中国国家自然科学基金; 国家重点研发计划;

关键词：

Security of data - Routing protocols;

D O I：

10.1109/MNET.2018.1800171

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

引用

页码：194 / 200

页数：7

共 50 条

[1] BGP Attacks and Countermeasures in Heterogeneous Networks
Luo, Yun-Fang
Hu, Rui-Min
Yang, Yu-Hong
[J]. 2007 INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-15, 2007, : 2334 - +
[2] BGP Route Leak Prevention Based on BGPsec
Jin, Jian
[J]. 2018 IEEE 88TH VEHICULAR TECHNOLOGY CONFERENCE (VTC-FALL), 2018,
[3] Beware of BGP attacks
Nordström, O
Dovrolis, C
[J]. ACM SIGCOMM COMPUTER COMMUNICATION REVIEW, 2004, 34 (02) : 1 - 8
[4] Invalidating Idealized BGP Security Proposals and Countermeasures
Li, Qi
Zhang, Xinwen
Zhang, Xin
Su, Purui
[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2015, 12 (03) : 298 - 311
[5] Combined Attacks and Countermeasures
Vetillard, Eric
Ferrari, Anthony
[J]. SMART CARD RESEARCH AND ADVANCED APPLICATION, PROCEEDINGS, 2010, 6035 : 133 - 147
[6] Detecting selective dropping attacks in BGP
Chuah, M.
Huang, K.
[J]. 31ST IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, 2006, : 959 - +
[7] A Taxonomy of Attacks Using BGP Blackholing
Miller, Loic
Pelsser, Cristel
[J]. COMPUTER SECURITY - ESORICS 2019, PT I, 2019, 11735 : 107 - 127
[8] Attacks and countermeasures in the internet of vehicles
Sun, Yunchuan
Wu, Lei
Wu, Shizhong
Li, Shoupeng
Zhang, Tao
Zhang, Li
Xu, Junfeng
Xiong, Yongping
Cui, Xuegang
[J]. ANNALS OF TELECOMMUNICATIONS, 2017, 72 (5-6) : 283 - 295
[9] Overview of SIP Attacks and Countermeasures
El-moussa, Fadi
Mudhar, Parmindher
Jones, Andy
[J]. INFORMATION SECURITY AND DIGITAL FORENSICS, 2010, 41 : 82 - +
[10] SIDE CHANNEL ATTACKS AND COUNTERMEASURES
[J]. China Communications, 2015, (06) : 6 - 7

← 1 2 3 4 5 →