{"title":"Safeguarding Data Delivery by Decoupling Path Propagation and Adoption","authors":"Mingui Zhang, B. Liu, Beichuan Zhang","doi":"10.1109/INFCOM.2010.5462200","DOIUrl":null,"url":null,"abstract":"False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.","PeriodicalId":259639,"journal":{"name":"2010 Proceedings IEEE INFOCOM","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Proceedings IEEE INFOCOM","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFCOM.2010.5462200","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
Abstract
False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.
错误路由通知是一个严重的安全问题,它可能导致互联网上广泛的服务中断。最近已经提出并实施了许多检测系统,然而,检测攻击、通知运营商和停止虚假通知需要时间。因此,检测系统应辅以缓解方案,在攻击解决之前保护数据传输。我们提出了这样一种缓解方案,QBGP,它将路径的传播和采用路径进行数据转发解耦。QBGP不使用可疑路径转发数据流量,而是在路由系统中进行传播,方便检测攻击。它可以保护数据传输免受虚假子前缀、虚假起源、虚假节点和虚假链接的路由通知。QBGP只在有可疑路径的情况下才会产生开销,而在实际的BGP路径中,这种情况很少发生。大规模仿真和BGP跟踪分析结果表明,与Pretty Good BGP相比,QBGP具有轻量级、高效、收敛速度快、开销小等优点。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
