[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
review-article
Open access

Securing internet applications from routing attacks

Published: 24 May 2021 Publication History

Abstract

Application-layer and network-layer defenses are critical for fortifying routing attacks.

References

[1]
Apostolaki, M., Marti, G., Muller, J., and Vanbever, L. SABRE: Protecting Bitcoin against routing attacks. In Proceedings of Network and Distributed System Security Symp., 2019.
[2]
Apostolaki, M., Zohar, A., and Vanbever, L. Hijacking Bitcoin: Routing attacks on cryptocurrencies. In Proceedings of IEEE Symp. on Security and Privacy, 2017.
[3]
Birge-Lee, H., Sun, Y., Edmundson, A., Rexford, J., and Mittal, P. Bamboozling certificate authorities with BGP. In Proceedings of USENIX Security Symp., 2018.
[4]
Birge-Lee, H., Wang, L., Rexford, J., and Mittal, P. SICO: Surgical interception attacks by manipulating BGP communities. In Proceedings of ACM Con. Computer and Communications Security, 2019.
[5]
Boldyreva, A. and Lychev, R. Provable security of S-BGP and other path vector protocols: Model, analysis and extensions. In Proceedings of ACM Conf. Computer and Communications Security, 2012.
[6]
Bush, R. and Austein, R. The Resource Public Key Infrastructure (RPKI) to Router Protocol. RFC 6810, RFC Editor, Jan. 2013.
[7]
Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second-generation onion router. In Proceedings of USENIX Security Symp., 2004.
[8]
Gill, P., Schapira, M., and Goldberg, S. Let the market drive deployment: A strategy for transitioning to BGP security. ACM SIGCOMM, 2011.
[9]
Goldberg, S. Surveillance without borders: The "traffic shaping" loophole and why it matters. The Century Foundation, 2017.
[10]
Hu, X. and Mao, Z.M. Accurate real-time identification of IP prefix hijacking. In Proceedings of IEEE Symp. on Security and Privacy, 2007.
[11]
Kent, S., Lynn, C., and Seo, K. Secure border gateway protocol (S-BGP). IEEE J. Selected Areas in Commun. 18, 4 (2000), 582--592.
[12]
Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B., and Zhang, L. PHAS: A prefix hijack alert system. In Proceedings of USENIX Security Symp., 2006.
[13]
Lepinski, M. and Sriram, K. BGPsec Protocol Specification. RFC 8205, RFC Editor, Sept. 2017.
[14]
Lychev, R., Goldberg, S., and Schapira, M. BGP security in partial deployment: Is the juice worth the squeeze? ACM SIGCOMM, 2013.
[15]
Qiu, J., Gao, L., Ranjan, S., and Nucci, A. Detecting bogus BGP route information: Going beyond prefix hijacking. SecureComm, 2007.
[16]
Reuter, A., Bush, R., Cunha, I., Katz-Bassett, E., Schmidt, T.C., and Wahlisch, M. Towards a rigorous methodology for measuring adoption of RPKI route validation and filtering. ACM SIGCOMM Computer Commun. Rev. 48, 1 (2018), 19--27.
[17]
Scheitle, Q. et al. A first look at certification authority authorization (CAA). SIGCOMM Comput. Commun. Rev., 48(2):10--23, May 2018.
[18]
Schlinker, B., Arnold, T., Cunha, I., and Katz-Bassett, E. PEERING: Virtualizing BGP at the edge for research. In Proceedings of ACM SIGCOMM CoNEXT Conf. Dec. 2019.
[19]
Shi, X., Xiang, Y., Wang, Z., Yin, X., and Wu, J. Detecting prefix hijackings in the Internet with Argus. In Proceedings of Internet Measurement Conf., 2012.
[20]
Snijders, J. Practical everyday BGP filtering with AS PATH filters: PeerLocking. NANOG-67, Chicago, June, 2016.
[21]
Sun, Y., Edmundson, A., Feamster, N., Chiang, M., and Mittal, P. Counter-RAPTOR: Safeguarding Tor against active routing attacks. In Proceedings of IEEE Symp. Security and Privacy, 2017.
[22]
Sun, Y., Edmundson, A., Vanbever, L., Li, O., Rexford, J., Chiang, M., and Mittal, P. RAPTOR: Routing attacks on privacy in Tor. In Proceedings of USENIX Security Symp., 2015.
[23]
Tan, H., Sherr, M., and Zhou, W. Data-plane defenses against routing attacks on Tor. In Privacy Enhancing Technologies Symp., 2016.
[24]
Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M. and Bush, R. iSpy: Detecting IP prefix hijacking on my own. ACM SIGCOMM, 2008.
[25]
Zheng, C., Ji, L., Pei, D., Wang, J., and Francis, P. A lightweight distributed scheme for detecting IP prefix hijacks in real-time. ACM SIGCOMM, 2007.
[26]
Birge-Lee, H., Wang, L., McCarney, D., Shoemaker, R., Rexford, J., and Mittal, P. Experiences deploying multi-vantage-point domain validation at Let's Encrypt. In Proceedings of USENIX Security Symp., 2021

Cited By

View all
  • (2024)Minimizing the Number of Distrustful Nodes on the Path of IP Packet TransmissionComputation10.3390/computation1205009112:5(91)Online publication date: 3-May-2024
  • (2024)A Comprehensive Survey on Cyberattacks in Smart Grid NetworksProceedings of Third International Symposium on Sustainable Energy and Technological Advancements10.1007/978-981-97-6976-6_3(25-41)Online publication date: 10-Dec-2024
  • (2023)Efficient Secure Routing Mechanisms for the Low-Powered IoT Network: A Literature ReviewElectronics10.3390/electronics1203048212:3(482)Online publication date: 17-Jan-2023
  • Show More Cited By

Index Terms

  1. Securing internet applications from routing attacks

      Recommendations

      Comments

      Please enable JavaScript to view thecomments powered by Disqus.

      Information & Contributors

      Information

      Published In

      cover image Communications of the ACM
      Communications of the ACM  Volume 64, Issue 6
      June 2021
      106 pages
      ISSN:0001-0782
      EISSN:1557-7317
      DOI:10.1145/3467845
      Issue’s Table of Contents
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 24 May 2021
      Published in CACM Volume 64, Issue 6

      Permissions

      Request permissions for this article.

      Check for updates

      Qualifiers

      • Review-article
      • Popular
      • Refereed

      Funding Sources

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)1,245
      • Downloads (Last 6 weeks)122
      Reflects downloads up to 19 Dec 2024

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Minimizing the Number of Distrustful Nodes on the Path of IP Packet TransmissionComputation10.3390/computation1205009112:5(91)Online publication date: 3-May-2024
      • (2024)A Comprehensive Survey on Cyberattacks in Smart Grid NetworksProceedings of Third International Symposium on Sustainable Energy and Technological Advancements10.1007/978-981-97-6976-6_3(25-41)Online publication date: 10-Dec-2024
      • (2023)Efficient Secure Routing Mechanisms for the Low-Powered IoT Network: A Literature ReviewElectronics10.3390/electronics1203048212:3(482)Online publication date: 17-Jan-2023
      • (2023)Blackhole Attack Detection and Analysis of Routing Protocol in the Context of Internet of Vehicles2023 International Conference on Quantum Technologies, Communications, Computing, Hardware and Embedded Systems Security (iQ-CCHESS)10.1109/iQ-CCHESS56596.2023.10391363(1-7)Online publication date: 15-Sep-2023
      • (2023)Revelio: A Network-Level Privacy Attack in the Lightning Network2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00060(942-957)Online publication date: Jul-2023
      • (2023)Increasing Robustness of Blockchain Peer-to-Peer Networks with Alternative Peer Initialization2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom)10.1109/CloudCom59040.2023.00060(325-332)Online publication date: 4-Dec-2023
      • (2023)Blockchain-enabled anonymous mutual authentication and location privacy-preserving scheme for 5 G networksJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2022.11.01835:6Online publication date: 1-Jun-2023
      • (2023)On the gathering of Tor onion addressesFuture Generation Computer Systems10.1016/j.future.2023.02.024145:C(12-26)Online publication date: 1-Aug-2023
      • (2021)Attacking the Quantum InternetIEEE Transactions on Quantum Engineering10.1109/TQE.2021.30949832(1-17)Online publication date: 2021
      • (2021)Robustness analysis of DNS paths and web access paths in public administration websitesComputer Communications10.1016/j.comcom.2021.09.017180:C(243-258)Online publication date: 1-Dec-2021
      • Show More Cited By

      View Options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Digital Edition

      View this article in digital edition.

      Digital Edition

      Magazine Site

      View this article on the magazine site (external)

      Magazine Site

      Login options

      Full Access

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media