BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks

• Previous message (by thread): BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks
• Next message (by thread): BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Amir,

 

I really enjoy reading this paper, and I’m interested in your design of preventing attribute manipulations and route leaks.

 

I think BGP-iSec is useful under a Global Attacker. But I have some concerns about using ProConIP-list under a Full Attacker (in Sec. III-B). Using ProConIP-list requires the origin AS clearly knows its provider cone, which is challenging in practice. Although we can use CAIDA topology to infer the provider cone of an AS, some provider-customer relationships may not be discovered by CAIDA topology or other existing AS relationship inference algorithms. If the ProConIP-list is not accurate or complete (i.e., covering all BGP-iSec-adopting ASes in the provider cone), it may cause legitimate BGP announcements to be dropped. Compared to publishing the whole provider cone, ASPA requires an AS to publish its provider ASes, which is easier and more feasible. Can we use BGP-iSec and ASPA together? Would that be more beneficial?

 

BTW, I will also present my new work on routing security in NDSS’2024. Looking forward to discussing more with you in San Diego:)

 

Best,

Lancheng Qin








-----原始邮件-----
发件人:"Amir Herzberg" <amir.lists at gmail.com>
发送时间:2023-11-11 07:02:48 (星期六)
收件人: NANOG <nanog at nanog.org>
主题: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks



Hi NANOGers,




We will present our new work, titled: `BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks', in NDSS'24.




If you're interested in security of Internet routing (BGP), and want a copy, see URL below, drop me a message/email - or see us in the conference - or just read the final version.




Available from: https://www.researchgate.net/publication/375553362_BGP-iSec_Improved_Security_of_Internet_Routing_Against_Post-ROV_Attacks

--

Amir Herzberg



Comcast professor of Security Innovations, Computer Science and Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures:https://sites.google.com/site/amirherzberg/cybersecurity



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20231120/89c8241b/attachment.html>

• Previous message (by thread): BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks
• Next message (by thread): BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]