Efficient techniques for detecting false origin advertisements in inter-domain routing

Sophie Y. Qiu, Fabian Monrose, Andreas Terzis, Patrick D. McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations

Abstract

The Border Gateway Protocol (BGP), and hence the Internet, remains critically vulnerable to a range of prefix forgery attacks. In this paper, we address these attacks by proposing a non-cryptographic, incrementally deployable mechanism to probabilistically detect forged BGP origin advertisements. Upon receiving an advertisement from a "suspicious" origin, the receiving domain intelligently probes other ASes about the received information. Any dissenting information indicates potential forgery or error, and is reported by the polled ASes to the true origin and processed appropriately. In this design, we exploit the fact that the highly connected AStopology makes it difficult to block the dissemination of information as it traverses the Internet. We evaluate the effectiveness of our probing mechanism via simulation on realistic Internet topologies. The experiments show that 98% of forgeries can be detected even when as few as 10% of the ASes participate in the protocol under a naïve polling stratagem. Moreover; we show that judicious node selection can further improve detection rates while minimizing the number of probes.

Original languageEnglish (US)
Title of host publication2nd Workshop on Secure Network Protocols, NPSec
Pages12-19
Number of pages8
DOIs
StatePublished - 2006
Event2006 2nd Workshop on Secure Network Protocols, NPSec - Santa Barbara, CA, United States
Duration: Nov 12 2006Nov 12 2006

Publication series

Name2nd Workshop on Secure Network Protocols, NPSec

Other

Other2006 2nd Workshop on Secure Network Protocols, NPSec
Country/TerritoryUnited States
CitySanta Barbara, CA
Period11/12/0611/12/06

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Efficient techniques for detecting false origin advertisements in inter-domain routing'. Together they form a unique fingerprint.

Cite this