Probabilistic IP prefix authentication (PIPA) for prefix hijacking

Abstract

BGP is the most important component of Internet routing and yet it is vulnerable to many threats such as IP prefix hijacking, which has created significant problems over the decade. There have been two approaches to address the IP prefix hijacking issue: anomaly detection-based approach and cryptography-based one. Due to complexity and deployment concern of the latter, there are a lot of solutions that take the former approach. We propose a probabilistic IP prefix authentication (PIPA) scheme that leverages the existing BGP anomaly detection-based solutions as well as public internet registry information. That is, PIPA determines the authenticity of the pair (IP prefix, AS path) in BGP messages by using historical stability of the BGP information and internet registry data. We also discuss how to recover the hijacked IP prefixes in PIPA.