ROVER:使用DNS验证路由来源

2013 22nd International Conference on Computer Communication and Networks (ICCCN) Pub Date : 2013-10-24 DOI:10.1109/ICCCN.2013.6614187

Joseph Gersch, D. Massey

{"title":"ROVER:使用DNS验证路由来源","authors":"Joseph Gersch, D. Massey","doi":"10.1109/ICCCN.2013.6614187","DOIUrl":null,"url":null,"abstract":"The Border Gateway Protocol (BGP) is a critical component of the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a consequence there are many well-documented BGP vulnera- bilities and resulting security exploits. This paper focuses on the design of the Route Origin Verification System (ROVER); a practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER is designed to work with existing systems whenever possible. In particular, ROVER exploits the reverse DNS for storing data and provides a fail-safe, best effort approach to authentication. The approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. The ROVER system is evaluated using both real operational systems and testbed deployments.","PeriodicalId":207337,"journal":{"name":"2013 22nd International Conference on Computer Communication and Networks (ICCCN)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":"{\"title\":\"ROVER: Route Origin Verification Using DNS\",\"authors\":\"Joseph Gersch, D. Massey\",\"doi\":\"10.1109/ICCCN.2013.6614187\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Border Gateway Protocol (BGP) is a critical component of the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a consequence there are many well-documented BGP vulnera- bilities and resulting security exploits. This paper focuses on the design of the Route Origin Verification System (ROVER); a practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER is designed to work with existing systems whenever possible. In particular, ROVER exploits the reverse DNS for storing data and provides a fail-safe, best effort approach to authentication. The approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. The ROVER system is evaluated using both real operational systems and testbed deployments.\",\"PeriodicalId\":207337,\"journal\":{\"name\":\"2013 22nd International Conference on Computer Communication and Networks (ICCCN)\",\"volume\":\"68 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-10-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"23\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 22nd International Conference on Computer Communication and Networks (ICCCN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCCN.2013.6614187\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 22nd International Conference on Computer Communication and Networks (ICCCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2013.6614187","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

摘要

边界网关协议(BGP)是全球互联网基础设施的重要组成部分。不幸的是，BGP路由在设计时对安全性考虑有限。因此，有许多记录良好的BGP漏洞和由此产生的安全漏洞。本文重点研究了路线原点验证系统(ROVER)的设计;一个实用的解决方案，用于检测和防止源和子前缀劫持。“漫游者”被设计成尽可能与现有系统一起工作。特别是，ROVER利用反向DNS来存储数据，并提供了一种故障安全、尽力而为的身份验证方法。该方法可用于各种操作模型，包括完全动态的内联BGP过滤、定期更新的认证路由过滤器和网络运营商的实时通知。ROVER系统使用实际操作系统和测试平台部署进行评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

ROVER: Route Origin Verification Using DNS

The Border Gateway Protocol (BGP) is a critical component of the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a consequence there are many well-documented BGP vulnera- bilities and resulting security exploits. This paper focuses on the design of the Route Origin Verification System (ROVER); a practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER is designed to work with existing systems whenever possible. In particular, ROVER exploits the reverse DNS for storing data and provides a fail-safe, best effort approach to authentication. The approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. The ROVER system is evaluated using both real operational systems and testbed deployments.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 22nd International Conference on Computer Communication and Networks (ICCCN)

自引率

0.00%

发文量