BGP with BGPsec: Attacks and Countermeasures

Qi Li, Jiajia Liu, Yih Chun Hu, Mingwei Xu, Jianping Wu

Research output: Contribution to journalArticle

Abstract

The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

Original languageEnglish (US)
Article number8594708
Pages (from-to)194-200
Number of pages7
JournalIEEE Network
Volume33
Issue number4
DOIs
StatePublished - Jul 1 2019

Fingerprint

Network protocols
Internet

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Li, Q., Liu, J., Hu, Y. C., Xu, M., & Wu, J. (2019). BGP with BGPsec: Attacks and Countermeasures. IEEE Network, 33(4), 194-200. [8594708]. https://doi.org/10.1109/MNET.2018.1800171

BGP with BGPsec : Attacks and Countermeasures. / Li, Qi; Liu, Jiajia; Hu, Yih Chun; Xu, Mingwei; Wu, Jianping.

In: IEEE Network, Vol. 33, No. 4, 8594708, 01.07.2019, p. 194-200.

Research output: Contribution to journalArticle

Li, Q, Liu, J, Hu, YC, Xu, M & Wu, J 2019, 'BGP with BGPsec: Attacks and Countermeasures', IEEE Network, vol. 33, no. 4, 8594708, pp. 194-200. https://doi.org/10.1109/MNET.2018.1800171
Li, Qi ; Liu, Jiajia ; Hu, Yih Chun ; Xu, Mingwei ; Wu, Jianping. / BGP with BGPsec : Attacks and Countermeasures. In: IEEE Network. 2019 ; Vol. 33, No. 4. pp. 194-200.
@article{fcbe73453cbb47db9233ad7c2f855c38,
title = "BGP with BGPsec: Attacks and Countermeasures",
abstract = "The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.",
author = "Qi Li and Jiajia Liu and Hu, {Yih Chun} and Mingwei Xu and Jianping Wu",
year = "2019",
month = "7",
day = "1",
doi = "10.1109/MNET.2018.1800171",
language = "English (US)",
volume = "33",
pages = "194--200",
journal = "Networks",
issn = "0028-3045",
publisher = "Wiley-Liss Inc.",
number = "4",

}

TY - JOUR

T1 - BGP with BGPsec

T2 - Attacks and Countermeasures

AU - Li, Qi

AU - Liu, Jiajia

AU - Hu, Yih Chun

AU - Xu, Mingwei

AU - Wu, Jianping

PY - 2019/7/1

Y1 - 2019/7/1

N2 - The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

AB - The BGP suffers from numerous security vulnerabilities, for example, fake routing updates incurring traffic hijacking and interception. The BGPsec protocol is supposed to fix these vulnerabilities by attesting routing updates. Although the BGP security problem has been extensively studied, the security of BGP with BGPsec is not well studied yet. We argue that even secured with BGPsec, BGP still has inherent security vulnerabilities. In particular, traffic can still be hijacked. In this article, we systematically study the vulnerabilities of BGP with BGPsec. We find that the protocol still cannot achieve the desired security guarantee of inter-domain routing. In particular, it is unable to ensure correct packet delivery on the Internet. We measure the impacts of the vulnerabilities by using a real data trace, and discuss enhancements to the design and the implementation of the secure BGP protocol, which allows BGP to achieve strong secure inter-domain routing.

UR - http://www.scopus.com/inward/record.url?scp=85059362973&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85059362973&partnerID=8YFLogxK

U2 - 10.1109/MNET.2018.1800171

DO - 10.1109/MNET.2018.1800171

M3 - Article

AN - SCOPUS:85059362973

VL - 33

SP - 194

EP - 200

JO - Networks

JF - Networks

SN - 0028-3045

IS - 4

M1 - 8594708

ER -