Validation of RPKI solution for BGP security
Abstract
BGP is vital for the interconnection of Internet Autonomous Systems, and the number of prefix hijacking attacks is increasing. Among the solutions discussed in the literature, RPKI has been the preferred option. The objective of this work is to validate the RPKI, through robustness tests against Prefix Hijacking attacks. The results were satisfactory, since the solution allowed the identification of unauthenticated routes. However, during the research, an RPKI resource that could be used in attacks, the SLURM FILE, was identified and tested. No works were found addressing this possibility, which is the main contribution of the dissertation.
References
Al-Musawi, B., Branch, P., and Armitage, G. (2017). BGP Anomaly Detection Techniques: A Survey. IEEE Communications Surveys Tutorials, 19(1):377–396.
Angieri, S., Bagnulo, M., García-Martínez, A., Liu, B., and Wei, X. (2020). InBlock4: Blockchain-based Route Origin Validation. In IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 291–296.
Arai, T., Nakano, K., and Chakraborty, B. (2019). Selection of Effective Features for BGP Anomaly Detection. In 2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST), pages 1–6.
Bush, R. and Austein, R. (2013). The Resource Public Key Infrastructure (RPKI) to Router Protocol. RFC 6810.
de Melo, Y., Salles, R., and Oliveira, F. (2021). Mitigação de Ataques ao BGP utilizando RPKI. In Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 385–390, Porto Alegre, RS, Brasil. SBC.
Gilad, Y., Sagga, O., and Goldberg, S. (2017). Maxlength Considered Harmful to the RPKI. In Proceedings of the 13th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT ’17, page 101–107, New York, NY, USA. Association for Computing Machinery.
He, G., Su, W., Gao, S., Yue, J., and Das, S. K. (2021). ROAchain: Securing Route Origin Authorization With Blockchain for Inter-Domain Routing. IEEE Transactions on Network and Service Management, 18(2):1690–1705.
Karimi, M., Jahanshahi, A., Mazloumi, A., and Sabzi, H. Z. (2019). Border Gateway Protocol Anomaly Detection Using Neural Network. In 2019 IEEE International Conference on Big Data (Big Data), pages 6092–6094.
Lu, H., Tang, Y., and Sun, Y. (2021). Drrs-bc: Decentralized Routing Registration System Based on Blockchain. IEEE/CAA Journal of Automatica Sinica, 8(12):1868–1876.
Ma, D., Mandelberg, D., and Bruijnzeels, T. (2018). Simplified Local Internet Number Resource Management with the RPKI (SLURM). RFC 8416.
Mitseva, A., Panchenko, A., and Engel, T. (2018). The State of Affairs in BGP Security: A Survey of Attacks and Defenses. Computer Communications, 124:45–60.
Registro.br (2019). RPKI – Numeração. https://registro.br/tecnologia/numeracao/rpki/. (Acessado: 06/02/2022).
Shapira, T. and Shavitt, Y. (2020). A Deep Learning Approach for IP Hijack Detection Based on ASN Embedding. In Proceedings of the Workshop on Network Meets AI & amp; ML, NetAI ’20, page 35–41, New York, NY, USA. Association for Computing Machinery.
Angieri, S., Bagnulo, M., García-Martínez, A., Liu, B., and Wei, X. (2020). InBlock4: Blockchain-based Route Origin Validation. In IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 291–296.
Arai, T., Nakano, K., and Chakraborty, B. (2019). Selection of Effective Features for BGP Anomaly Detection. In 2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST), pages 1–6.
Bush, R. and Austein, R. (2013). The Resource Public Key Infrastructure (RPKI) to Router Protocol. RFC 6810.
de Melo, Y., Salles, R., and Oliveira, F. (2021). Mitigação de Ataques ao BGP utilizando RPKI. In Anais do XXI Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 385–390, Porto Alegre, RS, Brasil. SBC.
Gilad, Y., Sagga, O., and Goldberg, S. (2017). Maxlength Considered Harmful to the RPKI. In Proceedings of the 13th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT ’17, page 101–107, New York, NY, USA. Association for Computing Machinery.
He, G., Su, W., Gao, S., Yue, J., and Das, S. K. (2021). ROAchain: Securing Route Origin Authorization With Blockchain for Inter-Domain Routing. IEEE Transactions on Network and Service Management, 18(2):1690–1705.
Karimi, M., Jahanshahi, A., Mazloumi, A., and Sabzi, H. Z. (2019). Border Gateway Protocol Anomaly Detection Using Neural Network. In 2019 IEEE International Conference on Big Data (Big Data), pages 6092–6094.
Lu, H., Tang, Y., and Sun, Y. (2021). Drrs-bc: Decentralized Routing Registration System Based on Blockchain. IEEE/CAA Journal of Automatica Sinica, 8(12):1868–1876.
Ma, D., Mandelberg, D., and Bruijnzeels, T. (2018). Simplified Local Internet Number Resource Management with the RPKI (SLURM). RFC 8416.
Mitseva, A., Panchenko, A., and Engel, T. (2018). The State of Affairs in BGP Security: A Survey of Attacks and Defenses. Computer Communications, 124:45–60.
Registro.br (2019). RPKI – Numeração. https://registro.br/tecnologia/numeracao/rpki/. (Acessado: 06/02/2022).
Shapira, T. and Shavitt, Y. (2020). A Deep Learning Approach for IP Hijack Detection Based on ASN Embedding. In Proceedings of the Workshop on Network Meets AI & amp; ML, NetAI ’20, page 35–41, New York, NY, USA. Association for Computing Machinery.
Published
2022-09-12
How to Cite
DE MELO, Yuri de Abreu; SALLES, Ronaldo Moreira; OLIVEIRA, Frederico Sauer G..
Validation of RPKI solution for BGP security. In: THESIS AND DISSERTATION COMPETITION - BRAZILIAN SYMPOSIUM ON INFORMATION AND COMPUTATIONAL SYSTEMS SECURITY (SBSEG), 22. , 2022, Santa Maria.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 41-48.
DOI: https://doi.org/10.5753/sbseg_estendido.2022.225301.
