Published by Melinda Todd. Modified over 9 years ago.
1
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes
Josh Karlin, Stephanie Forrest, Jennifer Rexford
IEEE International Conference on Network Protocols 2006
2
Outline
What are current BGP security issues?
What is PGBGP trying to solve?
How does PGBGP solve it?
How good is PGBGP?
How bad is PGBGP?
Shall we use it?
3
What are current BGP security issues?
BGP4 (RFC1771)
–Inter-domain routing, internet core
–Link state protocol, distributed system
Vulnerabilities
–No encryption: eavesdropping
–No timestamp: replaying
–No signature: man-in-the-middle
4
What are current BGP security issues? Examples
5
What is PGBGP trying to solve?
General requirements of a good solution
–BGP is widely deployed: don’t modify the protocol
–Router’s resource is stretched thin: don’t consume too many resources
–ISPs are conservative: incrementally deployable
–ISPs are greedy: show good results!
6
What is PGBGP trying to solve?
Prefix hijack
–Shorter AS_PATH (man-in-the-middle)
–MOAS (multiple origin AS)
7
How does PGBGP solve it?
Basic idea
–Suspicious Cautious
–Use historical prefix-origin records
–Damping suspicious prefix-origin announcement for 24 hours
–Human investigation
–Good for prefix/sub-prefix hijacks
8
How does PGBGP solve it?
Algorithm
History period – h hours, clean
Suspicious period – s hours, quarantined
Move h forward: remove staleness, get freshness
Parameter sensitivity
h = 10 days: short FP, long repeat slips
s = 24 hours: human response time
9
How does PGBGP solve it?
Prefix hijacks: conflict w/ unknown origins
Sub-prefix hijacks: conflict w/ known origins [Q1]?
10
How does PGBGP solve it?
Mitigation
–Avoid suspicious routes: lower preference
  Sub-prefix: quarantine, choose neighbor not having the suspicious routes (not really helpful)
  Never seen prefix / super-prefix will be adopted
–Convergence consideration
  Obey relationship-based policy
  Dampened as if not announced
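An added sketch (not from the slides or the PGBGP authors' code) of the prefix-origin history check and quarantine described in the slides above, using h = 10 days and s = 24 hours. The class and method names, the hour-based clock, and the rule that a new sub-prefix is compared against the origins of the longest known covering prefix are assumptions; the sample prefixes and AS numbers are constructed from documentation ranges.

```python
import ipaddress

H_HOURS = 10 * 24   # history period h (10 days on the slide)
S_HOURS = 24        # suspicious period s (24 hours on the slide)

class OriginHistory:
    """Toy prefix-origin history; hypothetical names, not PGBGP's own code."""

    def __init__(self, h=H_HOURS, s=S_HOURS):
        self.h, self.s = h, s
        self.known = {}     # (prefix, origin AS) -> hour last seen as trusted
        self.suspect = {}   # (prefix, origin AS) -> hour quarantine started

    def _trusted_origins(self, prefix, now):
        """Fresh origins of the longest known prefix covering `prefix`."""
        fresh = [(p, o) for (p, o), seen in self.known.items()
                 if now - seen <= self.h and p.version == prefix.version
                 and prefix.subnet_of(p)]
        longest = max((p.prefixlen for p, _ in fresh), default=0)
        return {o for p, o in fresh if p.prefixlen == longest}

    def observe(self, prefix_str, origin_as, now):
        """Classify an announcement seen at hour `now`."""
        prefix = ipaddress.ip_network(prefix_str)
        key = (prefix, origin_as)
        if key in self.suspect:
            if now - self.suspect[key] < self.s:
                return "suspicious"        # still quarantined
            del self.suspect[key]          # still announced after s hours
            self.known[key] = now
            return "normal"
        origins = self._trusted_origins(prefix, now)
        if origins and origin_as not in origins:
            self.suspect[key] = now        # conflicts with recorded origins
            return "suspicious"
        self.known[key] = now              # new prefix/super-prefix or known origin
        return "normal"

    def best(self, prefix_str, origins, now):
        """Prefer a non-suspicious origin; use a suspicious one only as last resort."""
        return min(origins, key=lambda o: self.observe(prefix_str, o, now) == "suspicious")

if __name__ == "__main__":   # constructed sample: documentation prefixes and ASNs
    hist = OriginHistory()
    print(hist.observe("198.51.100.0/24", 64500, now=0))
    print(hist.observe("198.51.100.128/25", 64511, now=5))
```

Entries older than h hours drop out of `_trusted_origins`, which is how the sketch models moving the history window forward.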
11
How good is PGBGP?
Simulation
–18,943 ASes, average 4 links per AS-AS
–Simulator w/ policy-based routing
–Deployment strategies:
  random -- p
  core+random -- 16 (15 degree+) + p
–500 attacks per setup
–Parameters: h = 3, s = 1
–Day 1, O; Day 2 O’
12
How good is PGBGP?
17
Conclusion: pretty good
–Core + random deployment, 90%+ effective
–Incrementally deployable
–Out-of-core computation possible
–Centralized computation possible
–Overhead is small, real time possible
–Extension: IAR (internet alert registry)
18
How bad is PGBGP?
Limitations:
–FP: Origin change, multi-homed
–DoS + no other choice
–lucky slips
–Man-in-the-middle (put itself in AS_PATH)
Conclusion: not too bad
19
Shall we use it?
Critiques for the paper
–FP delay propagation: 24+24+24+24+24
–Model human correction rate with prob. p1, FP rate p2 …
–Some analysis is not thorough (e.g. Fig 3)
–Undeployed ASes at risk (good & bad)
–Distributed/Co-operated version
Conclusion: try if you like
20
Shall we use it?
21
Questions
Ask me: kuh205@lehigh.edu
Email Josh Karlin: karlinjf@cs.unm.edu
Interested in security research? chuah@cse.lehigh.edu