NSDI '04 Abstract
Pp. 127140 of the Proceedings
Listen and Whisper: Security Mechanisms for BGP Lakshminarayanan Subramanian, University of California, Berkeley; Volker Roth, Fraunhofer Institute, Germany; Ion Stoica, University of California, Berkeley; Scott Shenker, University of California, Berkeley, and ICSI; Randy H. Katz, University of California, Berkeley
Best Student Paper!
BGP, the current inter-domain routing protocol, assumes that the routing
information propagated by authenticated routers is correct. This assumption
renders the current infrastructure vulnerable to both accidental misconfigurations
and deliberate attacks. To reduce this vulnerability, we present a combination
of two mechanisms: Listen and Whisper. Listen passively
probes the data plane and checks whether the underlying routes to different
destinations work. Whisper uses cryptographic functions along with routing
redundancy to detect bogus route advertisements in the control plane. These
mechanisms are easily deployable, and do not rely on either a public key
infrastructure or a central authority like ICANN.
The combination of Listen and Whisper eliminates a large number of problems
due to router misconfigurations, and restricts (though not eliminates) the
damage that deliberate attackers can cause. Moreover, these mechanisms can
detect and contain isolated adversaries that propagate even a few invalid
route announcements. Colluding adversaries pose a more stringent challenge,
and we propose simple changes to the BGP policy mechanism to limit the damage
colluding adversaries can cause. We demonstrate the utility of Listen and
Whisper through real-world deployment, measurements and empirical analysis.
For example, a randomly placed isolated adversary, in the worst case can
affect reachability to only 10% of the nodes.
- View the full text of this paper in HTML and PDF.
The Proceedings are published as a collective work, © 2004 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.