The Internet is composed of tens of thousands of network domains or Autonomous Systems (ASes), and Border Gateway Protocol (BGP) is the current de facto inter-domain routing protocol used by network domains to exchange reachability of network prefixes. Despite its vital importance to the correct operation of the global Internet, BGP is vulnerable to a number of security attacks, including prefix hijacking and sub-prefix hijacking. One of the major security problems with BGP is the lack of mechanisms to authenticate or validate a route announced by a neighbor. Over the years, many large-scale BGP security events have been reported, where large blocks of Internet prefixes became unreachable because of invalid advertisement of routes. Although many of the reported events were caused by unintentional misconfiguration, they nevertheless demonstrated the potential security problem of BGP. In this thesis we develop and study a new scheme to detect abnormal BGP updates, including prefix and sub-prefix hijacking. This scheme correlates publicly available network prefix and AS number allocation information to determine if a received route is safe. One critical advantage of the scheme is that it can be incrementally deployed by individual ASes that wish to identify and isolate invalid routes. In this thesis we verify the effectiveness of the proposed scheme using the network prefix and AS number allocation information maintained by the main Regional Internet Registries (RIRs) and the Internet Assigned Numbers Authority (IANA). Our performance studies show that the proposed scheme, though simple, can be quite effective in detecting prefix and sub-prefix hijacking attacks, despite the incompleteness of the databases. Additionally, we suggest that, in combination with our system, better policies for updating and maintaining allocation information should be followed.
A Thesis Submitted to the Department of Computer Science in Partial Fulfillment of the Requirements for the Degree of Master of Science.
Includes bibliographical references.
Zhenhai Duan, Professor Directing Thesis; Xin Yuan, Committee Member; Berno de Medeiros, Committee Member.
Florida State University
Use and Reproduction
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). The copyright in theses and dissertations completed at Florida State University is held by the students who author them.