Title :
ROVER: Route Origin Verification Using DNS
Author :
Gersch, Joseph ; Massey, Dan
Author_Institution :
Secure64 Software Corp., Fort Collins, CO, USA
fDate :
July 30 2013-Aug. 2 2013
Abstract :
The Border Gateway Protocol (BGP) is a critical component of the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a consequence there are many well-documented BGP vulnera- bilities and resulting security exploits. This paper focuses on the design of the Route Origin Verification System (ROVER); a practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER is designed to work with existing systems whenever possible. In particular, ROVER exploits the reverse DNS for storing data and provides a fail-safe, best effort approach to authentication. The approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. The ROVER system is evaluated using both real operational systems and testbed deployments.
Keywords :
Internet; computer network security; cryptographic protocols; internetworking; network servers; routing protocols; BGP routing; DNS; ROVER; authenticated route filter; border gateway protocol; data storage; dynamic in-line BGP filtering; global Internet infrastructure; route origin verification system; security; subprefix hijack; Authentication; IP networks; Internet; Organizations; Real-time systems; Routing; Routing protocols;
Conference_Titel :
Computer Communications and Networks (ICCCN), 2013 22nd International Conference on
Conference_Location :
Nassau
Print_ISBN :
978-1-4673-5774-6
DOI :
10.1109/ICCCN.2013.6614187
