• DocumentCode
    3254927
  • Title

    ROVER: Route Origin Verification Using DNS

  • Author

    Gersch, Joseph ; Massey, Dan

  • Author_Institution
    Secure64 Software Corp., Fort Collins, CO, USA
  • fYear
    2013
  • fDate
    July 30 2013-Aug. 2 2013
  • Firstpage
    1
  • Lastpage
    9
  • Abstract
    The Border Gateway Protocol (BGP) is a critical component of the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a consequence there are many well-documented BGP vulnera- bilities and resulting security exploits. This paper focuses on the design of the Route Origin Verification System (ROVER); a practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER is designed to work with existing systems whenever possible. In particular, ROVER exploits the reverse DNS for storing data and provides a fail-safe, best effort approach to authentication. The approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. The ROVER system is evaluated using both real operational systems and testbed deployments.
  • Keywords
    Internet; computer network security; cryptographic protocols; internetworking; network servers; routing protocols; BGP routing; DNS; ROVER; authenticated route filter; border gateway protocol; data storage; dynamic in-line BGP filtering; global Internet infrastructure; route origin verification system; security; subprefix hijack; Authentication; IP networks; Internet; Organizations; Real-time systems; Routing; Routing protocols;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Communications and Networks (ICCCN), 2013 22nd International Conference on
  • Conference_Location
    Nassau
  • Print_ISBN
    978-1-4673-5774-6
  • Type

    conf

  • DOI
    10.1109/ICCCN.2013.6614187
  • Filename
    6614187