Analyzing Internet Routing Security Using Model Checking

Logic for Programming, Artificial Intelligence, and Reasoning - Lecture Notes in Computer Science ◽

10.1007/978-3-662-48899-7_9 ◽

2015 ◽

pp. 112-129 ◽

Cited By ~ 2

Author(s):

Adi Sosnovich ◽

Orna Grumberg ◽

Gabi Nakibly

Keyword(s):

Model Checking ◽

Internet Routing ◽

Routing Security

Download Full-text

Implementasi BGP dan Resource Public Key Infrastructure menggunakan BIRD untuk Keamanan Routing

Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) ◽

10.29207/resti.v5i6.3631 ◽

2021 ◽

Vol 5 (6) ◽

pp. 1161-1170

Author(s):

Valen Brata Pranaya ◽

Theophilus Wellem

Keyword(s):

Autonomous Systems ◽

Public Key Infrastructure ◽

Digital Certificate ◽

Public Key ◽

The Internet ◽

Certification Authority ◽

Internet Routing ◽

Internet Connectivity ◽

Routing Security ◽

Bgp Routing

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validated the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.

Download Full-text

Combatting internet time shifters

The Project Repository Journal ◽

10.54050/prj10008011 ◽

2021 ◽

Vol 10 (1) ◽

pp. 8-11

Author(s):

Michael Schapira

Keyword(s):

Border Gateway Protocol ◽

The Internet ◽

Data Traffic ◽

Internet Routing ◽

Routing Security ◽

Bank Of England

Combatting internet time shifters Arguably, the internet’s biggest security hole is the Border Gateway Protocol (BGP), which establishes routes between the organisational networks that make up the internet (e.g. Google, Facebook, Bank of England, Deutsche Telekom, AT&T). The insecurity of the internet’s routing system is constantly exploited to steal, monitor, and tamper with data traffic. Yet, despite many years of Herculean efforts, internet routing security remains a distant dream. The goal of the SIREN project is to propose and investigate novel paradigms for closing this security hole.

Download Full-text