DOI: 10.1145/2018436.2018439

Let the market drive deployment: a strategy for transitioning to BGP security

Published: 15 August 2011

Abstract

With a cryptographic root-of-trust for Internet routing (RPKI [17]) on the horizon, we can finally start planning the deployment of one of the secure interdomain routing protocols proposed over a decade ago (Secure BGP [22], secure origin BGP [37]). However, if experience with IPv6 is any indicator, this will be no easy task. Security concerns alone seem unlikely to provide sufficient local incentive to drive the deployment process forward. Worse yet, the security benefits provided by the S*BGP protocols do not even kick in until a large number of ASes have deployed them.
Instead, we appeal to ISPs' interest in increasing revenue-generating traffic. We propose a strategy that governments and industry groups can use to harness ISPs' local business objectives and drive global S*BGP deployment. We evaluate our deployment strategy using theoretical analysis and large-scale simulations on empirical data. Our results give evidence that the market dynamics created by our proposal can transition the majority of the Internet to S*BGP.

Supplementary Material

MP4 File (sigcomm_1_2.mp4)

References

[1] R. Alimi, Y. Wang, and Y. R. Yang. Shadow configuration as a network management primitive. In Sigcomm, 2008.
[2] Anonymized. Let the market drive deployment: A strategy for transitioning to bgp security. Full version. Technical report, 2011.
[3] B. Augustin, B. Krishnamurthy, and W. Willinger. IXPs: Mapped? In IMC, 2009.
[4] R. Austein, G. Huston, S. Kent, and M. Lepinski. Secure inter-domain routing: Manifests for the resource public key infrastructure. draft-ietf-sidr-rpki-manifests-09.txt, 2010.
[5] I. Avramopoulos, M. Suchara, and J. Rexford. How small groups can secure interdomain routing. Technical report, Princeton University Comp. Sci., 2007.
[6] H. Ballani, P. Francis, and X. Zhang. A study of prefix hijacking and interception in the Internet. In SIGCOMM, 2007.
[7] K. Butler, T. Farley, P. McDaniel, and J. Rexford. A survey of BGP security issues and solutions. Proceedings of the IEEE, 2010.
[8] H. Chang, D. Dash, A. Perrig, and H. Zhang. Modeling adoptability of secure BGP protocol. In SIGCOMM, 2006.
[9] Y.-J. Chi, R. Oliveira, and L. Zhang. Cyclops: The Internet AS-level observatory. ACM SIGCOMM CCR, 2008.
[10] D. D. Clark, J. Wroclawski, K. R. Sollins, and R. Braden. Tussle in cyberspace: defining tomorrow's Internet. Trans. on Networking, 2005.
[11] J. Cowie. Renesys blog: China's 18-minute mystery. http://www.renesys.com/blog/2010/11/chinas-18-minute-mystery.shtml.
[12] A. Dhamdhere and C. Dovrolis. The internet is flat: Modeling the transition from a transit hierarchy to a peering mesh. In CoNEXT, 2010.
[13] L. Gao and J. Rexford. Stable Internet routing without global coordination. Trans. on Networking, 2001.
[14] S. Goldberg, M. Schapira, P. Hummon, and J. Rexford. How secure are secure interdomain routing protocols. In Sigcomm, 2010.
[15] T. Griffin, F. B. Shepherd, and G. Wilfong. The stable paths problem and interdomain routing. Trans. on Networking, 2002.
[16] S. Hart. Adaptive heuristics. Econometrica, 2005.
[17] IETF. Secure interdomain routing (SIDR) working group. http://datatracker.ietf.org/wg/sidr/charter/.
[18] Y. Jin, S. Sen, R. Guerin, K. Hosanagar, and Z. Zhang. Dynamics of competition between incumbent and emerging network technologies. In NetEcon, 2008.
[19] D. Joseph, N. Shetty, J. Chuang, and I. Stoica. Modeling the adoption of new network architectures. In CoNEXT, 2007.
[20] J. Karlin, S. Forrest, and J. Rexford. Autonomous security for autonomous systems. Computer Networks, Oct. 2008.
[21] D. Kempe, J. Kleinberg, and E. Tardos. Maximizing the spread of influence through a social network. In ACM SIGKDD, 2003.
[22] S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (S-BGP). JSAC, 2000.
[23] V. Krishnamurthy, M. Faloutsos, M. Chrobak, L. Lao, J.-H. Cui, and A. G. Percus. Sampling large internet topologies for simulation purposes. Computer Networks (Elsevier), 51(15):4284-4302, 2007.
[24] C. Labovitz, S. Iekel-Johnson, D. McPherson, J. Oberheide, and F. Jahanian. Internet inter-domain traffic. In SIGCOMM, 2010.
[25] M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Shang. Phas: Prefix hijack alert system. In Usenix Security, 2006.
[26] M. Lepinski and S. Turner. Bgpsec protocol specification, 2011. http://tools.ietf.org/html/draft-lepinski-bgpsec-overview-00.
[27] C. D. Marsan. U.S. plots major upgrade to Internet router security. Network World, 2009.
[28] A. Medina, A. Lakhina, I. Matta, and J. Byers. BRITE: an approach to universal topology generation. In MASCOTS, 2001.
[29] S. Misel. "Wow, AS7007!". Merit NANOG Archive, Apr. 1997. http://www.merit.edu/mail.archives/nanog/1997-04/msg00340.html.
[30] S. Morris. Contagion. Review of Economics Studies, 2003.
[31] R. Oliveira, D. Pei, W. Willinger, B. Zhang, and L. Zhang. Quantifying the completeness of the observed internet AS-level structure. UCLA Computer Science Department - Technical Report TR-080026-2008, Sept. 2008.
[32] F. Orbit. http://www.fixedorbit.com/metrics.htm.
[33] S. Ratnasamy, S. Shenker, and S. McCanne. Towards an evolvable Internet architecture. In SIGCOMM, 2005.
[34] Renesys Blog. Pakistan hijacks YouTube. http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml.
[35] Sandvine. Fall 2010 global internet phenomena, 2010.
[36] S. Sen, Y. Jin, R. Guerin, and K. Hosanagar. Modeling the dynamics of network technology adoption and the role of converters. Trans. on Networking, 2010.
[37] R. White. Deployment considerations for secure origin BGP (soBGP). draft-white-sobgp-bgp-deployment-01.txt, June 2003, expired.
[38] Y. Yu, M. Isard, D. Fetterly, M. Budiu, U. Erlingsson, P. K. Gunda, and J. Currey. Dryadlinq: a system for general-purpose distributed data-parallel computing using a high-level language. In Usenix OSDI, 2008.
[39] E. Zegura, K. Calvert, and S. Bhattarcharjee. How to model an internetwork. In Infocom, 1996.

    Published In

    SIGCOMM '11: Proceedings of the ACM SIGCOMM 2011 conference
    August 2011
    502 pages
    ISBN: 9781450307970
    DOI: 10.1145/2018436
    • ACM SIGCOMM Computer Communication Review, Volume 41, Issue 4
      SIGCOMM '11
      August 2011
      480 pages
      ISSN: 0146-4833
      DOI: 10.1145/2043164
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. bgp
    2. routing
    3. security

    Qualifiers

    • Research-article

    Conference

    SIGCOMM '11
    Sponsor:
    SIGCOMM '11: ACM SIGCOMM 2011 Conference
    August 15 - 19, 2011
    Ontario, Toronto, Canada

    Acceptance Rates

    SIGCOMM '11 Paper Acceptance Rate 32 of 223 submissions, 14%;
    Overall Acceptance Rate 462 of 3,389 submissions, 14%

    Article Metrics

    • Downloads (Last 12 months): 93
    • Downloads (Last 6 weeks): 19
    Reflects downloads up to 19 Dec 2024

    Cited By

    • (2024) A Game Theoretical Analysis of Distributed Denial-of-Service Defense Incentive. Security and Privacy in Communication Networks, pp. 3-24. DOI: 10.1007/978-3-031-64954-7_1. Online publication date: 15-Oct-2024
    • (2022) Behind the Scenes of RPKI. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1413-1426. DOI: 10.1145/3548606.3560645. Online publication date: 7-Nov-2022
    • (2022) Automatic Inference of BGP Location Communities. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 6:1, pp. 1-23. DOI: 10.1145/3508023. Online publication date: 28-Feb-2022
    • (2021) Securing internet applications from routing attacks. Communications of the ACM, 64:6, pp. 86-96. DOI: 10.1145/3429775. Online publication date: 24-May-2021
    • (2021) Building In-the-Cloud Network Functions: Security and Privacy Challenges. Proceedings of the IEEE, 109:12, pp. 1888-1919. DOI: 10.1109/JPROC.2021.3127277. Online publication date: Dec-2021
    • (2019) Stable and practical AS relationship inference with problink. Proceedings of the 16th USENIX Conference on Networked Systems Design and Implementation, pp. 581-597. DOI: 10.5555/3323234.3323282. Online publication date: 26-Feb-2019
    • (2019) BGP hijacking classification. 2019 Network Traffic Measurement and Analysis Conference (TMA), pp. 25-32. DOI: 10.23919/TMA.2019.8784511. Online publication date: Jun-2019
    • (2019) RPKI is Coming of Age. Proceedings of the Internet Measurement Conference, pp. 406-419. DOI: 10.1145/3355369.3355596. Online publication date: 21-Oct-2019
    • (2019) Dual-structural edge networking paradigm: an analysis study in terms of multimedia content delivery. Multimedia Tools and Applications, 78:17, pp. 24555-24572. DOI: 10.1007/s11042-018-6649-2. Online publication date: 1-Sep-2019
    • (2018) Internet As a Source of Randomness. Proceedings of the 17th ACM Workshop on Hot Topics in Networks, pp. 64-70. DOI: 10.1145/3286062.3286072. Online publication date: 15-Nov-2018
