BGP with BGPsec: Attacks and Countermeasures

Qi Li; Jiajia Liu; Yih Chun Hu; Mingwei Xu; Jianping Wu

doi:10.1109/MNET.2018.1800171

BGP with BGPsec: Attacks and Countermeasures

Qi Li, Jiajia Liu, Yih Chun Hu, Mingwei Xu, Jianping Wu

科研成果: 期刊稿件 › 文章 › 同行评审

14 引用（Scopus）

摘要

The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

源语言	英语
文章编号	8594708
页（从-至）	194-200
页数	7
期刊	IEEE Network
卷	33
期	4
DOI	https://doi.org/10.1109/MNET.2018.1800171
出版状态	已出版 - 1 7月 2019
已对外发布	是

访问文件

10.1109/MNET.2018.1800171

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{144d6114db034ddeb8a1a0c9bcf176d3,

title = "BGP with BGPsec: Attacks and Countermeasures",

abstract = "The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.",

author = "Qi Li and Jiajia Liu and Hu, {Yih Chun} and Mingwei Xu and Jianping Wu",

note = "Publisher Copyright: {\textcopyright} 1986-2012 IEEE.",

year = "2019",

month = jul,

day = "1",

doi = "10.1109/MNET.2018.1800171",

language = "英语",

volume = "33",

pages = "194--200",

journal = "IEEE Network",

issn = "0890-8044",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "4",

}

TY - JOUR

T1 - BGP with BGPsec

T2 - Attacks and Countermeasures

AU - Li, Qi

AU - Liu, Jiajia

AU - Hu, Yih Chun

AU - Xu, Mingwei

AU - Wu, Jianping

PY - 2019/7/1

Y1 - 2019/7/1

N2 - The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

AB - The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

UR - http://www.scopus.com/inward/record.url?scp=85059362973&partnerID=8YFLogxK

U2 - 10.1109/MNET.2018.1800171

DO - 10.1109/MNET.2018.1800171

M3 - 文章

AN - SCOPUS:85059362973

SN - 0890-8044

VL - 33

SP - 194

EP - 200

JO - IEEE Network

JF - IEEE Network

IS - 4

M1 - 8594708

ER -

BGP with BGPsec: Attacks and Countermeasures

摘要

访问文件

其它文件与链接

指纹

引用此