Browsing by Author "Masip Bruin, Xavier"

Filter results by typing the first few letters
Now showing 1 - 5 of 5
  • Thumbnail Image
    Item
    A survey on the recent efforts of the internet standardization body for securing inter-domain routing
    (2015) Siddiqui Shoaib, Muhammad; Montero Banegas, Diego Teodoro; Serral Gracià, René; Masip Bruin, Xavier; Yannuzzi,, Marcelo
    The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol in the Internet, thus it plays a crucial role in current communications. Unfortunately, it was conceived without any internal security mechanism, and hence is prone to a number of vulnerabilities and attacks that can result in large scale outages in the Internet. In light of this, securing BGP has been an active research area since its adoption. Several security strategies, ranging from a complete replacement of the protocol up to the addition of new features in it were proposed, but only minor tweaks have found the pathway to be adopted. More recently, the IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) has put forward several recommendations to secure BGP. In this paper, we survey the efforts of the SIDR WG including, the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), for securing the BGP protocol. We also discuss the post SIDR inter-domain routing unresolved security challenges along with the deployment and adoption challenges of SIDR’s proposals. Furthermore, we shed light on future research directions in managing the broader security issues in inter-domain routing. The paper is targeted to readers from the academic and industrial communities that are not only interested in an updated article accounting for the recent developments made by the Internet standardization body toward securing BGP (i.e., by the IETF), but also for an analytical discussion about their pros and cons, including promising research lines as well.
  • Thumbnail Image
    Item
    Diagnosis of route leaks among autonomous systems in the internet
    (IEEE, 2014) Serral Gracià, René
    Border Gateway Protocol (BGP) is the defacto inter-domain routing protocol in the Internet. It was designed without an inherent security mechanism and hence is prone to a number of vulnerabilities which can cause large scale disruption in the Internet. Route leak is one such inter-domain routing security problem which has the potential to cause wide-scale Internet service failure. Route leaks occur when Autonomous systems violate export policies while exporting routes. As BGP security has been an active research area for over a decade now, several security strategies were proposed, some of which either advocated complete replacement of the BGP or addition of new features in BGP, but they failed to achieve global acceptance. Even the most recent effort in this regard, lead by the Secure Inter-Domain Routing (SIDR) working group (WG) of IETF fails to counter all the BGP anomalies, especially route leaks. In this paper we look at the efforts in countering the policy related BGP problems and provide an analytical insights into why they are ineffective. We contend a new direction for future research in managing the broader security issues in the inter-domain routing. In that light, we propose a naive approach for countering the route leak problem by analyzing the information available at hand, such as the RIB of the router. The main purpose of this paper was to position and highlight the autonomous smart analytical approach for tackling policy related BGP security issues.
  • Thumbnail Image
    Item
    Network coding-based protection scheme for elastic optical networks
    (IEEE, 2014) Yannuzzi,, Marcelo
    Optical technologies are the foundations supporting the current telecommunication network backbones due to the high speed transmissions achieved in fiber optical networks. Traditional optical networks consist of a fixed 50 GHz grid, resulting in a low optical spectrum (OS) utilization, specifically with transmission rates above 100 Gbps. This issue is magnified when network resilience capabilities are required. For instance, proactive protection solutions such as Dedicated Protection (DP) are widely used because of their low recovery time. However, a significant drawback of DP is its high utilization of optical bandwidth. Recently, optical networks are undergoing significant changes with the purpose of providing a flexible grid that can fully exploit the potential of optical networks. This has led to a new network paradigm termed as Elastic Optical Networks (EON). Moreover, a novel strategy referred to as network coding (NC) has been proposed with the aim of improving network throughput. In this paper, we propose a proactive protection scheme so-called E-DPNC* that combines both the advantages concerning network throughput offered by EON and NC, and the low recovery time of a DP scheme, in order to enable network resilience against optical link failures while also reducing the optical spectrum utilization. Our evaluation results show that our solution reduces the OS utilization by 41% compared with conventional protection schemes deployed on fixed grid scenarios.
  • Thumbnail Image
    Item
    Route leak detection using real-time analytics on local BGP information
    (IEEE, 2014) Serral Gracià, René
    A route leak can be defined as a security gap that occurs due to the infringement of the routing policies that any two Autonomous Systems (ASes) have agreed upon. Route leaks are seemingly simple, but hard to resolve since the ASes keep their routing policies confidential. Indeed, the traditional palliatives, such as the utilization of route filters, are no longer used by a large number of ASes, given the high administrative burden that they entail. Other alternatives, like BGP monitoring tools, not only require third party information gathered at multiple vantage points, but also they become impotent in many cases, due to their limited view of the interdomain routing state. In this paper, we propose a different approach, which allows to autonomously detect the occurrence of route leaks by solely inspecting the BGP information available at the AS. Our main contributions can be summarized as follows. First, we propose a self-contained Route Leak Detection (RLD) technique, which is based on real-time analytics on the Route Information Bases (RIBs) of the border routers of an AS. Second, we introduce Benign Fool Back (BFB), "a harmless bluff" that can substantially improve the success rate of the RLD technique. Third, we show through exhaustive simulations that our technique can detect route leak incidents in various scenarios with high success rate. In addition, our solution has the following practical advantages: a) no reliance on third party information (e.g., on vantage points); b) no changes required to control-plane protocols (e.g., to BGP); and c) allows non-invasive integration (e.g., using SDN).
  • Thumbnail Image
    Item
    Route leak identification: a step toward making inter-domain routing more reliable
    (IEEE, 2014) Masip Bruin, Xavier
    Route leaks are one of the anomalies of inter-domain routing that have the capacity to produce large Internet service disruptions. Route leaks are caused because of violation of routing policies among Autonomous Systems. Unfortunately, there are not many studies that formally and thoroughly analyze the route leak problem. There exist few conventional solutions that can be used as a first line of defense, such as route filters. However, these palliatives become unfeasible in terms of scalability, mainly due to the administrative overhead and cost of maintaining the filters updated. As a result, a significant part of the Internet is defenseless against route leak attacks. In this paper, we define, describe, and examine the different types of route leaks that threaten the security and reliability of the routing system. Our main contributions can be summarized as follows. We develop a rather basic theoretical framework, which, under realistic assumptions, enables a domain to autonomously determine if a particular route advertisement received corresponds to a route leak. We reason the possible occurrence of route leaks in different scenarios, with the aim of formulating requirements for their identification, and hence thereof prevention to improve routing reliability.