针对前缀劫持的概率IP前缀认证(PIPA)

International Conference of Future Internet Pub Date : 2009-06-17 DOI:10.1145/1555697.1555725

Akmal Khan, T. Kwon, Hyunchul Kim

{"title":"针对前缀劫持的概率IP前缀认证(PIPA)","authors":"Akmal Khan, T. Kwon, Hyunchul Kim","doi":"10.1145/1555697.1555725","DOIUrl":null,"url":null,"abstract":"BGP is the most important component of Internet routing and yet it is vulnerable to many threats such as IP prefix hijacking, which has created significant problems over the decade. There have been two approaches to address the IP prefix hijacking issue: anomaly detection-based approach and cryptography-based one. Due to complexity and deployment concern of the latter, there are a lot of solutions that take the former approach. We propose a probabilistic IP prefix authentication (PIPA) scheme that leverages the existing BGP anomaly detection-based solutions as well as public internet registry information. That is, PIPA determines the authenticity of the pair (IP prefix, AS path) in BGP messages by using historical stability of the BGP information and internet registry data. We also discuss how to recover the hijacked IP prefixes in PIPA.","PeriodicalId":409750,"journal":{"name":"International Conference of Future Internet","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Probabilistic IP prefix authentication (PIPA) for prefix hijacking\",\"authors\":\"Akmal Khan, T. Kwon, Hyunchul Kim\",\"doi\":\"10.1145/1555697.1555725\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"BGP is the most important component of Internet routing and yet it is vulnerable to many threats such as IP prefix hijacking, which has created significant problems over the decade. There have been two approaches to address the IP prefix hijacking issue: anomaly detection-based approach and cryptography-based one. Due to complexity and deployment concern of the latter, there are a lot of solutions that take the former approach. We propose a probabilistic IP prefix authentication (PIPA) scheme that leverages the existing BGP anomaly detection-based solutions as well as public internet registry information. That is, PIPA determines the authenticity of the pair (IP prefix, AS path) in BGP messages by using historical stability of the BGP information and internet registry data. We also discuss how to recover the hijacked IP prefixes in PIPA.\",\"PeriodicalId\":409750,\"journal\":{\"name\":\"International Conference of Future Internet\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference of Future Internet\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1555697.1555725\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference of Future Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1555697.1555725","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

BGP是互联网路由最重要的组成部分，但它容易受到许多威胁，例如IP前缀劫持，这在过去十年中造成了重大问题。解决IP前缀劫持问题的方法有两种:基于异常检测的方法和基于加密的方法。由于后者的复杂性和部署问题，有许多解决方案采用前一种方法。我们提出了一种概率IP前缀认证(PIPA)方案，该方案利用了现有的基于BGP异常检测的解决方案以及公共互联网注册信息。即PIPA通过BGP信息和internet注册表数据的历史稳定性来确定BGP消息中对(IP前缀、AS路径)的真实性。我们还讨论了如何在PIPA中恢复被劫持的IP前缀。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Probabilistic IP prefix authentication (PIPA) for prefix hijacking

BGP is the most important component of Internet routing and yet it is vulnerable to many threats such as IP prefix hijacking, which has created significant problems over the decade. There have been two approaches to address the IP prefix hijacking issue: anomaly detection-based approach and cryptography-based one. Due to complexity and deployment concern of the latter, there are a lot of solutions that take the former approach. We propose a probabilistic IP prefix authentication (PIPA) scheme that leverages the existing BGP anomaly detection-based solutions as well as public internet registry information. That is, PIPA determines the authenticity of the pair (IP prefix, AS path) in BGP messages by using historical stability of the BGP information and internet registry data. We also discuss how to recover the hijacked IP prefixes in PIPA.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Conference of Future Internet

自引率

0.00%

发文量

期刊最新文献

A Framework for the Analysis of BGP Data over Long Timescales SuVMF: software-defined unified virtual monitoring function for SDN-based large-scale networks Oblivious DDoS mitigation with locator/ID separation protocol Content-hierarchical intra-domain cooperative caching for information-centric networks NECOMAtter: curating approach for sharing cyber threat information