• DocumentCode
    1796870
  • Title

    Incremental Deployment Strategies for Effective Detection and Prevention of BGP Origin Hijacks

  • Author

    Gersch, Joseph ; Massey, Dan ; Papadopoulos, Christos

  • Author_Institution
    Secure64 Software Corp., Fort Collins, CO, USA
  • fYear
    2014
  • fDate
    June 30 2014-July 3 2014
  • Firstpage
    670
  • Lastpage
    679
  • Abstract
    A variety of solutions have been proposed for detecting and preventing IP hijack attacks. Despite potentially serious consequences these solutions have not been widely deployed, partially because many ISPs do not view their risk as large enough to warrant investment. Nevertheless, a number of organizations such as critical national infrastructure are at a very high risk level and require a deployed solution. Is it possible for these sites to be protected despite the majority apathy, given that a critical mass of ISPs is generally required to participate in the solution? We examine this conflict by presenting an approach which determines AS vulnerability based on topological location. We next examine the effectiveness of incremental security deployment. We separately examine BGP hijack detection which, if improperly peered, may completely miss a hijack. Finally, we address a pessimistic view with respect to deployment and propose an approach in which an autonomous system can act in its own self-interest to determine a minimal threshold for hijack detection or prevention.
  • Keywords
    Internet; computer network security; AS vulnerability; BGP origin hijacks; IP hijack attacks; Internet protocol; Internet service providers; border gateway protocol; critical national infrastructure; hijack detection; hijack prevention; incremental deployment strategies; incremental security deployment; topological location; Analytical models; IP networks; Internet; Measurement; Resistance; Routing; Security; BGP; BGP Security; BGP hijack prevention; IP Hijacking; ROVER; Routing; Security; simulation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Distributed Computing Systems (ICDCS), 2014 IEEE 34th International Conference on
  • Conference_Location
    Madrid
  • ISSN
    1063-6927
  • Print_ISBN
    978-1-4799-5168-0
  • Type

    conf

  • DOI
    10.1109/ICDCS.2014.74
  • Filename
    6888942