We present the design of a secure identifier-based inter-domain routing, SIR, for the identifier/locator split network. On the one hand, SIR is a distributed path-vector protocol inheriting the flexibility of BGP. On the other hand, SIR separates ASes into several groups called trust groups, which assure the trust relationships among ASes by enforceable control and provide strict isolation properties to localize attacks and failures. Security analysis shows that SIR can provide control plane security that can avoid routing attacks, including some smart attacks by which S-BGP/soBGP can be deceived. Meanwhile, emulation experiments based on the current Internet topology with 47,000 ASes from the CAIDA database are presented, in which we compare the number of influenced ASes under attacks of subverting routing policy between SIR and S-BGP/BGP. The results show that the number of influenced ASes decreases substantially by deploying SIR.
Yaping LIU
National University of Defense Technology
Zhihong LIU
National University of Defense Technology
Baosheng WANG
National University of Defense Technology
Qianming YANG
National University of Defense Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yaping LIU, Zhihong LIU, Baosheng WANG, Qianming YANG, "SIR: A Secure Identifier-Based Inter-Domain Routing for Identifier/Locator Split Network" in IEICE TRANSACTIONS on Communications,
vol. E96-B, no. 7, pp. 1742-1752, July 2013, doi: 10.1587/transcom.E96.B.1742.
URL: https://global.ieice.org/en_transactions/communications/10.1587/transcom.E96.B.1742/_p
@ARTICLE{e96-b_7_1742,
author={Yaping LIU and Zhihong LIU and Baosheng WANG and Qianming YANG},
journal={IEICE TRANSACTIONS on Communications},
title={SIR: A Secure Identifier-Based Inter-Domain Routing for Identifier/Locator Split Network},
year={2013},
volume={E96-B},
number={7},
pages={1742-1752},
abstract={We present the design of a secure identifier-based inter-domain routing, SIR, for the identifier/locator split network. On the one hand, SIR is a distributed path-vector protocol inheriting the flexibility of BGP. On the other hand, SIR separates ASes into several groups called trust groups, which assure the trust relationships among ASes by enforceable control and provide strict isolation properties to localize attacks and failures. Security analysis shows that SIR can provide control plane security that can avoid routing attacks, including some smart attacks by which S-BGP/soBGP can be deceived. Meanwhile, emulation experiments based on the current Internet topology with 47,000 ASes from the CAIDA database are presented, in which we compare the number of influenced ASes under attacks of subverting routing policy between SIR and S-BGP/BGP. The results show that the number of influenced ASes decreases substantially by deploying SIR.},
keywords={},
doi={10.1587/transcom.E96.B.1742},
ISSN={1745-1345},
month={July},
}
TY - JOUR
TI - SIR: A Secure Identifier-Based Inter-Domain Routing for Identifier/Locator Split Network
T2 - IEICE TRANSACTIONS on Communications
SP - 1742
EP - 1752
AU - Yaping LIU
AU - Zhihong LIU
AU - Baosheng WANG
AU - Qianming YANG
PY - 2013
DO - 10.1587/transcom.E96.B.1742
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E96-B
IS - 7
JA - IEICE TRANSACTIONS on Communications
Y1 - July 2013
AB - We present the design of a secure identifier-based inter-domain routing, SIR, for the identifier/locator split network. On the one hand, SIR is a distributed path-vector protocol inheriting the flexibility of BGP. On the other hand, SIR separates ASes into several groups called trust groups, which assure the trust relationships among ASes by enforceable control and provide strict isolation properties to localize attacks and failures. Security analysis shows that SIR can provide control plane security that can avoid routing attacks, including some smart attacks by which S-BGP/soBGP can be deceived. Meanwhile, emulation experiments based on the current Internet topology with 47,000 ASes from the CAIDA database are presented, in which we compare the number of influenced ASes under attacks of subverting routing policy between SIR and S-BGP/BGP. The results show that the number of influenced ASes decreases substantially by deploying SIR.
ER -