AT: An Origin Verification Mechanism Based on Assignment Track for Securing BGP

3 Author(s)
Na Wang ; Inf. Eng. Univ., Zhengzhou ; Yingjian Zhi ; Binqiang Wang

Because BGP lacks a mechanism to verify the authority of an Autonomous System (AS) to announce Network Layer Reachability Information (NLRI), a specific IP prefix may be hijacked by a suspicious AS, leading to Internet instability or even a crash. Current proposals, which adopt assignment attestations to guarantee the validity of each step on the address assignment path and an authorization attestation to guarantee that an AS is authorized by an organization to announce a prefix, are vulnerable to a form of prefix hijacking called "Malicious Service Provider (MSP)", because these proposals only ensure that an AS is authorized to announce a prefix by one of the subscribing organizations in the assignment path of the prefix, not by the last subscribing organization. An AS authorized by the last subscribing organization is the legitimate origin AS. Analysis shows that 60% of ASes in the Internet may be vulnerable to "MSP" prefix hijacking. The paper proposes a novel origin verification mechanism called Assignment Track (AT), in which all ASes must provide the assignment track and attestations (ATA) of their announced prefixes and, for a given prefix, the AS that provides the longest valid assignment track is its origin AS. AT makes valid prefix hijacking, sub-prefix hijacking and unused prefix hijacking, and especially "MSP" prefix hijacking, impossible. Performance evaluation results show that AT consumes only 1.008 Mbytes of memory based on RouteViews data from September 27, 2007, does not increase UPDATE message size, and scarcely delays route convergence under hardware implementation. AT can be applied in current BGP security solutions and next-generation inter-domain routing protocols.
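The "longest valid assignment track" rule from the abstract can be sketched as follows; this is an added example, not code from the paper. The attestation layout, the use of HMAC as a stand-in for attestation signatures, and all organization names, AS numbers, keys and prefixes are assumptions constructed for illustration.

```python
import hashlib
import hmac
from ipaddress import ip_network

# Constructed keys; HMAC stands in for the signatures a real attestation would carry.
KEYS = {"RIR": b"rir-key", "ISP-A": b"isp-a-key", "ORG-B": b"org-b-key"}

def _tag(signer, subject, prefix):
    msg = f"{signer}|{subject}|{prefix}".encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).digest()

def attest(signer, subject, prefix):
    """Signer states that it assigned (or, as the last step, authorized) prefix to subject."""
    return (signer, subject, prefix, _tag(signer, subject, prefix))

def track_length(announced, origin_as, track, root="RIR"):
    """Number of steps in a valid track ending at origin_as, or 0 if any step fails."""
    holder, covering = root, None
    for signer, subject, prefix, tag in track:
        if signer not in KEYS or not hmac.compare_digest(tag, _tag(signer, subject, prefix)):
            return 0  # attestation cannot be verified
        net = ip_network(prefix)
        if signer != holder or (covering is not None and not net.subnet_of(covering)):
            return 0  # signer does not hold the block it is handing out
        holder, covering = subject, net
    if holder != origin_as or covering != ip_network(announced):
        return 0  # track does not end by authorizing this AS for this prefix
    return len(track)

def select_origin(announced, candidates):
    """Pick the AS whose valid track is longest; None if no track validates."""
    scored = {asn: track_length(announced, asn, t) for asn, t in candidates.items()}
    best = max(scored, key=scored.get, default=None)
    return best if best is not None and scored[best] > 0 else None

# Constructed scenario: ISP-A sub-assigned the /25 to ORG-B, then authorizes its own AS for it.
PREFIX = "203.0.113.0/25"
LEGIT = [attest("RIR", "ISP-A", "203.0.113.0/24"), attest("ISP-A", "ORG-B", PREFIX),
         attest("ORG-B", "AS64500", PREFIX)]
MSP = [attest("RIR", "ISP-A", "203.0.113.0/24"), attest("ISP-A", "AS64496", PREFIX)]
FORGED = [("RIR", "AS64511", PREFIX, b"\x00" * 32)]

if __name__ == "__main__":
    print(select_origin(PREFIX, {"AS64496": MSP, "AS64500": LEGIT, "AS64511": FORGED}))
```

The service provider's track is valid but one step shorter than the track ending at the last subscribing organization, which is why a check that accepts any organization on the assignment path would admit it while the longest-track rule does not.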

Published in:

Communications, 2008. ICC '08. IEEE International Conference on

Date of Conference:

19-23 May 2008