loading
Documents

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Ines Feki 1 ; Xiaoli Zheng 1 ; Mohammed Achemlal 1 and Ahmed Serhrouchni 2

Affiliations: 1 France Telecom R&D, France ; 2 Telecom Paris, France

ISBN: 978-972-8865-63-4

Keyword(s): Internet routing, Security, BGP.

Related Ontology Subjects/Areas/Topics: Data and Systems Security ; Information and Systems Security ; Security Area Control ; Security in Information Systems ; Security Requirements

Abstract: Internet is composed of thousands of autonomous systems (AS). The Border Gateway Protocol (BGP) is the exterior routing protocol used to exchange network reachability information between border routers of each AS. The correctness of the exchanged information in BGP messages is crucial to the Internet routing system. Unfortunately, BGP is vulnerable to different attacks that have considerable impacts on routing system. Network prefix hijacking, where an AS illegitimately originates a prefix is one of the most important attacks. It allows the attacker to receive traffic in destination to the prefix owner. The attacker is then able to blackhole the traffic or to force it to take another path. Proposed solutions rely on public key infrastructures and cryptographic mechanisms to prevent incorrect routing information propagation. In practice these approaches involve many parties (Internet Service Providers, Operators, Vendors, and Regional Internet Registries) and are difficult to deploy. I n this paper we formally define routing information correctness, especially the legitimacy of an AS to originate a prefix. We also propose a method to associate with an AS a legitimacy level to originate a prefix. We use Regional Internet Registry databases to initialize the legitimacy level. We also use received announcements and public routing data to update this legitimacy level. We finally describe all conceivable reactions facing origin AS changes. (More)

PDF ImageFull Text

Download
Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 54.161.118.57

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Feki I.; Zheng X.; Achemlal M.; Serhrouchni A. and (2006). INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS.In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 110-117. DOI: 10.5220/0002104201100117

@conference{secrypt06,
author={Ines Feki and Xiaoli Zheng and Mohammed Achemlal and Ahmed Serhrouchni},
title={INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={110-117},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002104201100117},
isbn={978-972-8865-63-4},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - INTERNET ROUTING SECURITY: AN APPROACH TO DETECT AND TO REACT TO INCORRECT ADVERTISEMENTS
SN - 978-972-8865-63-4
AU - Feki, I.
AU - Zheng, X.
AU - Achemlal, M.
AU - Serhrouchni, A.
PY - 2006
SP - 110
EP - 117
DO - 10.5220/0002104201100117

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.