Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems

Abstract

The Border Gateway Protocol (BGP) is the default inter-domain routing protocol used on the Internet for exchanging information between autonomous systems (ASes). Available literature suggests that BGP is vulnerable to session hijacking attacks. A number of proposals aim to improve BGP security, but they have not been fully implemented. This paper examines several of these approaches through a comparative study and identifies the reasons why they have not been implemented commercially. It analyses the architecture of Internet routing and the design of BGP, focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated, and a solution involving route filtering, policy-maps and route-maps on Cisco routers representing ASes is implemented. Finally, a workable industry-standard framework is demonstrated for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure.

Share and Cite:

Oti, S. and Hayfron-Acquah, J. (2014) Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems. Journal of Computer and Communications, 2, 10-21. doi: 10.4236/jcc.2014.28002.

Conflicts of Interest

The authors declare no conflicts of interest.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.