DocumentCode
1796870
Title
Incremental Deployment Strategies for Effective Detection and Prevention of BGP Origin Hijacks
Author
Gersch, Joseph ; Massey, Dan ; Papadopoulos, Christos
Author_Institution
Secure64 Software Corp., Fort Collins, CO, USA
fYear
2014
fDate
June 30 2014-July 3 2014
Firstpage
670
Lastpage
679
Abstract
A variety of solutions have been proposed for detecting and preventing IP hijack attacks. Despite potentially serious consequences these solutions have not been widely deployed, partially because many ISPs do not view their risk as large enough to warrant investment. Nevertheless, a number of organizations such as critical national infrastructure are at a very high risk level and require a deployed solution. Is it possible for these sites to be protected despite the majority apathy, given that a critical mass of ISPs is generally required to participate in the solution? We examine this conflict by presenting an approach which determines AS vulnerability based on topological location. We next examine the effectiveness of incremental security deployment. We separately examine BGP hijack detection which, if improperly peered, may completely miss a hijack. Finally, we address a pessimistic view with respect to deployment and propose an approach in which an autonomous system can act in its own self-interest to determine a minimal threshold for hijack detection or prevention.
Keywords
Internet; computer network security; AS vulnerability; BGP origin hijacks; IP hijack attacks; Internet protocol; Internet service providers; border gateway protocol; critical national infrastructure; hijack detection; hijack prevention; incremental deployment strategies; incremental security deployment; topological location; Analytical models; IP networks; Internet; Measurement; Resistance; Routing; Security; BGP; BGP Security; BGP hijack prevention; IP Hijacking; ROVER; Routing; Security; simulation;
fLanguage
English
Publisher
ieee
Conference_Titel
Distributed Computing Systems (ICDCS), 2014 IEEE 34th International Conference on
Conference_Location
Madrid
ISSN
1063-6927
Print_ISBN
978-1-4799-5168-0
Type
conf
DOI
10.1109/ICDCS.2014.74
Filename
6888942
Link To Document