Safeguarding data delivery by decoupling path propagation and adoption

Mingui Zhang, Bin Liu, Beichuan Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.

Original languageEnglish (US)
Title of host publicationProceedings - IEEE INFOCOM
DOIs
StatePublished - 2010
EventIEEE INFOCOM 2010 - San Diego, CA, United States
Duration: Mar 14 2010Mar 19 2010

Other

OtherIEEE INFOCOM 2010
CountryUnited States
CitySan Diego, CA
Period3/14/103/19/10

Fingerprint

Trace analysis
Internet

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering

Cite this

Safeguarding data delivery by decoupling path propagation and adoption. / Zhang, Mingui; Liu, Bin; Zhang, Beichuan.

Proceedings - IEEE INFOCOM. 2010. 5462200.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Zhang, M, Liu, B & Zhang, B 2010, Safeguarding data delivery by decoupling path propagation and adoption. in Proceedings - IEEE INFOCOM., 5462200, IEEE INFOCOM 2010, San Diego, CA, United States, 3/14/10. https://doi.org/10.1109/INFCOM.2010.5462200
Zhang, Mingui ; Liu, Bin ; Zhang, Beichuan. / Safeguarding data delivery by decoupling path propagation and adoption. Proceedings - IEEE INFOCOM. 2010.
@inproceedings{e7701be0000743b5bc4b001efa59b768,
title = "Safeguarding data delivery by decoupling path propagation and adoption",
abstract = "False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.",
author = "Mingui Zhang and Bin Liu and Beichuan Zhang",
year = "2010",
doi = "10.1109/INFCOM.2010.5462200",
language = "English (US)",
isbn = "9781424458363",
booktitle = "Proceedings - IEEE INFOCOM",

}

TY - GEN

T1 - Safeguarding data delivery by decoupling path propagation and adoption

AU - Zhang, Mingui

AU - Liu, Bin

AU - Zhang, Beichuan

PY - 2010

Y1 - 2010

N2 - False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.

AB - False routing announcements are a serious security problem, which can lead to widespread service disruptions in the Internet. A number of detection systems have been proposed and implemented recently, however, it takes time to detect attacks, notify operators, and stop false announcements. Thus detection systems should be complemented by a mitigation scheme that can protect data delivery before the attack is resolved. We propose such a mitigation scheme, QBGP, which decouples the propagation of a path and the adoption of a path for data forwarding. QBGP does not use suspicious paths to forward data traffic, but still propagates them in the routing system to facilitate attack detection. It can protect data delivery from routing announcements of false sub-prefixes, false origins, false nodes and false links. QBGP incurs overhead only when there are suspicious paths, which happen infrequently in real BGP traces. Results from large scale simulations and BGP trace analysis show that QBGP is light-weight yet effective, and it converges faster and incurs less overhead than Pretty Good BGP.

UR - http://www.scopus.com/inward/record.url?scp=77953316240&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77953316240&partnerID=8YFLogxK

U2 - 10.1109/INFCOM.2010.5462200

DO - 10.1109/INFCOM.2010.5462200

M3 - Conference contribution

AN - SCOPUS:77953316240

SN - 9781424458363

BT - Proceedings - IEEE INFOCOM

ER -