    Abstract:

    The central problem in inter-domain routing security management is how to suppress the propagation of untrustworthy routes and malicious routing behaviors. Supervising and evaluating the routing behaviors of autonomous systems (ASes) is a key technology for this problem. This paper designs a distributed collaborative reputation mechanism for evaluating the trustworthiness of an AS's routing behaviors. The mechanism takes as input the statistical results on routing trustworthiness published by ASes, uses a self-organizing method, employs posterior probability analysis, and finally calculates a reputation score for a particular AS. The score is then used as a metric of the trustworthiness of the routing information that the AS subsequently propagates or announces. In simulations, this reputation mechanism has been shown to effectively contain bad behaviors by ASes and hence to improve the overall security of the inter-domain system. The mechanism provides a reference for evaluating and analyzing AS routing behaviors. It has the following features: it supports incremental deployment, and it does not require modifying the BGP protocol, so it is easy to implement.
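
The abstract gives no formulas, so the following is an added illustration and not the paper's algorithm or code: it assumes each AS publishes counts of trustworthy and untrustworthy routes observed from another AS, and that the posterior is a Beta distribution whose mean serves as the reputation score. The `Report` structure, the reporter weights, the minimum-over-path policy and the 0.5 threshold are assumptions; the ASNs and prefixes are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Report:
    reporter: int       # ASN that published the statistics
    target: int         # ASN whose routes were observed
    trustworthy: int    # count of routes judged trustworthy
    untrustworthy: int  # count of routes judged untrustworthy

def reputation(reports, target, weights=None, prior=(1.0, 1.0)):
    """Posterior mean of a Beta(a, b) belief that a route from `target` is trustworthy."""
    a, b = prior
    for r in reports:
        if r.target != target or r.reporter == target:
            continue  # skip other targets and self-published statistics
        # Assumed weighting: reporters missing from `weights` contribute nothing.
        w = 1.0 if weights is None else weights.get(r.reporter, 0.0)
        a += w * r.trustworthy
        b += w * r.untrustworthy
    return a / (a + b)

def path_score(as_path, reports, prior=(1.0, 1.0)):
    """Score an AS path by its least reputable AS (assumed policy)."""
    return min(reputation(reports, asn, prior=prior) for asn in as_path)

def filter_routes(routes, reports, threshold=0.5):
    """Keep (prefix, as_path) announcements whose path score meets the threshold."""
    return [(p, path) for p, path in routes if path_score(path, reports) >= threshold]

# Constructed sample data: private-use ASNs and documentation prefixes.
REPORTS = [
    Report(64512, 64520, 98, 2),
    Report(64513, 64520, 45, 5),
    Report(64512, 64666, 3, 27),
    Report(64513, 64666, 1, 19),
    Report(64666, 64666, 500, 0),  # self-praise, ignored by reputation()
]
ROUTES = [
    ("192.0.2.0/24", (64512, 64520)),
    ("198.51.100.0/24", (64513, 64666)),
]

if __name__ == "__main__":
    for asn in (64520, 64666):
        print(asn, round(reputation(REPORTS, asn), 3))
    print(filter_routes(ROUTES, REPORTS))
```

An AS with no reports keeps the neutral prior mean of 0.5, so the scoring can run alongside unmodified BGP speakers and partial deployments without rejecting unknown peers outright.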

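Citation

Hu Ning, Zou Peng, Zhu Peidong. Reputation-mechanism-based collaborative management method for inter-domain routing security. Journal of Software, 2010, 21(3):505-515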

History
  • Received: December 07, 2007
  • Revised: October 06, 2008