BGP with BGPsec: Attacks and Countermeasures

Qi Li; Jiajia Liu; Yih Chun Hu; Mingwei Xu; Jianping Wu

doi:10.1109/MNET.2018.1800171

BGP with BGPsec: Attacks and Countermeasures

Qi Li
, Jiajia Liu
, Yih Chun Hu
, Mingwei Xu
, Jianping Wu

Tsinghua University
Xidian University
University of Illinois at Urbana-Champaign

Research output: Contribution to journal › Article › peer-review

17 Scopus citations

Abstract

The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Original language	English
Article number	8594708
Pages (from-to)	194-200
Number of pages	7
Journal	IEEE Network
Volume	33
Issue number	4
DOIs	https://doi.org/10.1109/MNET.2018.1800171
State	Published - 1 Jul 2019
Externally published	Yes

Access to Document

10.1109/MNET.2018.1800171

Cite this

@article{144d6114db034ddeb8a1a0c9bcf176d3,

title = "BGP with BGPsec: Attacks and Countermeasures",

abstract = "The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.",

author = "Qi Li and Jiajia Liu and Hu, \{Yih Chun\} and Mingwei Xu and Jianping Wu",

note = "Publisher Copyright: {\textcopyright} 1986-2012 IEEE.",

year = "2019",

month = jul,

day = "1",

doi = "10.1109/MNET.2018.1800171",

language = "英语",

volume = "33",

pages = "194--200",

journal = "IEEE Network",

issn = "0890-8044",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "4",

}

TY - JOUR

T1 - BGP with BGPsec

T2 - Attacks and Countermeasures

AU - Li, Qi

AU - Liu, Jiajia

AU - Hu, Yih Chun

AU - Xu, Mingwei

AU - Wu, Jianping

PY - 2019/7/1

Y1 - 2019/7/1

N2 - The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

AB - The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

UR - https://www.scopus.com/pages/publications/85059362973

U2 - 10.1109/MNET.2018.1800171

DO - 10.1109/MNET.2018.1800171

M3 - 文章

AN - SCOPUS:85059362973

SN - 0890-8044

VL - 33

SP - 194

EP - 200

JO - IEEE Network

JF - IEEE Network

IS - 4

M1 - 8594708

ER -

BGP with BGPsec: Attacks and Countermeasures

Abstract

Access to Document

Other files and links

Fingerprint

Cite this