liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Does Scale, Size, and Locality Matter? Evaluation of Collaborative BGP Security Mechanisms
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
2016 (English)In: Proc. IFIP Networking, Vienna, Austria, May 2016., 2016Conference paper (Refereed)
Abstract [en]

The Border Gateway Protocol (BGP) was not designed with security in mind and is vulnerable to many attacks, including prefix/subprefix hijacks, interception attacks, and imposture attacks. Despite many protocols having been proposed to detect or prevent such attacks, no solution has been widely deployed. Yet, the effectiveness of most proposals relies on largescale adoption and cooperation between many large Autonomous Systems (AS). In this paper we use measurement data to evaluate some promising, previously proposed techniques in cases where they are implemented by different subsets of ASes, and answer questions regarding which ASes need to collaborate, the importance of the locality and size of the participating ASes, and how many ASes are needed to achieve good efficiency when different subsets of ASes collaborate. For our evaluation we use topologies and routing information derived from real measurement data. We consider collaborative detection and prevention techniques that use (i) prefix origin information, (ii) route path updates, or (iii) passively collected round-trip time (RTT) information. Our results and answers to the above questions help determine the effectiveness of potential incremental rollouts, incentivized or required by regional legislation, for example. While there are differences between the techniques and two of the three classes see the biggest benefits when detection/prevention is performed close to the source of an attack, the results show that significant gains can be achieved even with only regional collaboration.

Place, publisher, year, edition, pages
2016.
National Category
Computer Science Communication Systems
Identifiers
URN: urn:nbn:se:liu:diva-129430OAI: oai:DiVA.org:liu-129430DiVA: diva2:939403
Conference
Proc. IFIP Networking, Vienna, Austria, May 2016
Available from: 2016-06-19 Created: 2016-06-19 Last updated: 2016-06-30

Open Access in DiVA

No full text

Other links

http://dl.ifip.org/db/conf/networking/networking2016/1570236192.pdf

Search in DiVA

By author/editor
Hiran, RahulCarlsson, NiklasShahmehri, Nahid
By organisation
Database and information techniquesFaculty of Science & Engineering
Computer ScienceCommunication Systems

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 39 hits
ReferencesLink to record
Permanent link

Direct link