Type of Document: Thesis
Author: Sanchez, Fernando Xavier
URN: etd-07092007-151641
Title: BGP Anomalies Detection Based on Internet Numbers Allocation
Degree: Master of Science
Department: Computer Science, Department of
Advisory Committee:
Advisor Name | Title
Breno de Mederios | Committee Member
Xin Yuan | Committee Member
Keywords:
- Prefix Hijacking
- Anomalies Detection
- Security
- Routing
- Bgp
- Bgp Security
Date of Defense: 2007-07-02
Availability: unrestricted
Abstract:
The Internet is composed of tens of thousands of network domains or Autonomous Systems (ASes), and Border Gateway Protocol (BGP) is the current de facto inter-domain routing protocol used by network domains to exchange reachability of network prefixes. Despite its vital importance to the correct operation of the global Internet, it is vulnerable to a number of security attacks including prefix hijacking and sub-prefix hijacking. One of the major security problems with BGP is the lack of mechanisms to authenticate or validate a route announced by a neighbor. Over the years, many large-scale BGP security events have been reported, where large blocks of the Internet prefixes became unreachable because of invalid advertisement of routes. Although many of the reported events were caused by unintentional misconfiguration, they nevertheless demonstrated the potential security problem of BGP.
In this thesis we develop and study a new scheme to detect abnormal BGP updates including prefix and sub-prefix hijacking. This scheme correlates the network prefix and AS number allocation information that is publicly available to determine if a received route is safe. One critical advantage of the scheme is that it can be incrementally deployed by individual ASes which wish to identify and isolate the invalid routes. In this thesis we verify the effectiveness of the proposed scheme using the network prefix and AS number allocation information maintained by the main Regional Internet Registries (RIR) and the Internet Assigned Number Authority (IANA). Our performance studies show that the proposed scheme, though simple, can be quite effective in detecting prefix and sub-prefix hijacking attacks, despite the incompleteness of the databases.
In this thesis we study properties, related to ownership and registration, of prefixes and AS numbers. Based on these properties we present a new mechanism, using public allocation data, to allow operators to detect possible anomalies in BGP Update messages to prevent prefix hijacking and de-aggregation. We use public information maintained by the main Regional Internet Registries (RIR) and IANA. Our system proves to be a simple, though effective, tool to improve security of BGP that can be deployed incrementally without need to modify the BGP protocol.
Additionally, we suggest that in combination with our system, better policies for updating and maintaining allocation information should be followed.
Files:
Approximate Download Time (Hours:Minutes:Seconds)
Filename | Size | 28.8 Modem | 56K Modem | ISDN (64 Kb) | ISDN (128 Kb) | Higher-speed Access
thesis.pdf | 146.04 Kb | 00:00:40 | 00:00:20 | 00:00:18 | 00:00:09 | < 00:00:01