by calculating digital signatures, 3) the requirement to change BGP, 4) lack of
incentive effect. Since there is no practically deployed secure routing protocol,
routing monitoring systems are designed and deployed as a mitigation to offset
the security vulnerability of BGP. A BGP monitoring system improves the
security and accuracy of routing information by collecting and validating
BGP data from BGP routers [8, 9]. However, most routing monitoring systems
need a scheduling or management center and do not consider the requirements of
autonomy and incentive.
In this paper, we design a cooperative method for BGP route validation
based on information sharing. The basic principle of cooperative validation
is as follows: multiple autonomous systems (ASes) deploy a monitoring
service and check the credibility of BGP routes in a self-organized way to
achieve the ultimate security together. By sharing monitoring information
among multiple autonomous systems, cooperative BGP validation provides
a more comprehensive routing view, overcomes information unavailability and
locality constraints, and enhances the ability of an autonomous system to detect
false routing information. We also consider two important factors:
incentive and deployment. For convenience, our method is named
CoISM.
This paper is organized as follows: Section 2 describes our motivation and
objectives. Section 3 describes the algorithm for cooperative route validation.
Section 4 presents the experiments and result analysis. Section 5 is an overview
of related work. Finally, Section 6 concludes the paper.
2 Motivation and Objective
2.1 Motivation
Ensuring the authenticity of routing information is the key issue of routing
security. Route monitoring systems increase the security and accuracy of BGP
routing information through route validation. However, lacking a global
information view, it is difficult for a single BGP monitor to identify a false
BGP route. For example, lacking enough information about IP prefix ownership,
a single AS cannot identify a prefix hijacking advertisement. To implement
cooperative BGP monitoring among ASes, we need a more efficient information
sharing mechanism. To this end, we note two characteristics of monitoring
information: local validity and relative validity.
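
The following is an added example, not code from the paper: it shows why one AS with only its own prefix ownership records misses a false origin that a merged, shared view catches, and it reports a finding only to an AS that selected the route as best (the local validity idea described next). The AS numbers, prefixes, data layout and function names are constructed assumptions, and the sub-prefix check generalizes the exact-prefix case.

```python
import ipaddress

# Constructed sample data (documentation prefixes, private-use AS numbers).
# Assumption: each participating AS can vouch only for the prefixes it owns.
OWNERSHIP = {
    64501: {"192.0.2.0/24": 64501},
    64502: {"198.51.100.0/24": 64502},
    64503: {},
}
# Best route each AS currently selects: prefix -> AS path, origin AS last.
BEST_ROUTES = {
    64501: {"198.51.100.0/24": [64503, 64502]},
    64502: {"192.0.2.0/25": [64503, 64666]},  # more-specific with a foreign origin
    64503: {"192.0.2.0/24": [64501], "198.51.100.0/24": [64502]},
}

def build_view(ownership, members):
    """Merge the ownership records contributed by the given member ASes."""
    view = {}
    for asn in members:
        for prefix, owner in ownership[asn].items():
            view[ipaddress.ip_network(prefix)] = owner
    return view

def false_routes(best, view):
    """Return (prefix, origin, owner) for best routes whose origin contradicts the view."""
    findings = []
    for prefix, path in best.items():
        net = ipaddress.ip_network(prefix)
        for owned, owner in view.items():
            # Covers exact-prefix and more-specific (sub-prefix) announcements.
            if net.subnet_of(owned) and path[-1] != owner:
                findings.append((prefix, path[-1], owner))
    return findings

def alerts_by_local_validity(best_routes, view):
    """Deliver a finding only to ASes that selected the false route as best."""
    out = {}
    for asn, best in best_routes.items():
        hits = false_routes(best, view)
        if hits:
            out[asn] = hits
    return out

if __name__ == "__main__":
    alone = build_view(OWNERSHIP, [64502])
    shared = build_view(OWNERSHIP, OWNERSHIP.keys())
    print("AS64502 alone:", false_routes(BEST_ROUTES[64502], alone))
    print("shared view  :", alerts_by_local_validity(BEST_ROUTES, shared))
```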
When an AS (such as X) receives a BGP route, it might not select the route
as the best route for some reason. Hence, any monitoring information about this
route is invalid to X. This characteristic is called local validity. Obviously, if a
piece of monitoring information is invalid to AS X, it is not necessary to send
this information to it. According to local validity, all of the Internet ASes can
be classified into three subsets: the infection set, the immunity set and the
isolate set. An AS node that selects the false route as the best one belongs
to the infection set. If an AS node can identify the false route, it belongs to the