IEEE Published Papers

 

Securing BGP - A Literature Survey 2010

    Securing BGP - A Literature Survey
    Huston, G; Rossi, M; Armitage, G;
    Published in: IEEE Communications Surveys & Tutorials
    Volume: PP , Issue: 99
    Page(s): 1 - 24
    ISSN: 1553-877X Publication Year: 2010
    Date of Publication: 27 May 2010
    Digital Object Identifier: 10.1109/SURV.2011.041010.00041
    ABSTRACT

      The Border Gateway Protocol (BGP) is the Internet's inter-domain routing protocol. One of the major concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet is vulnerable to various forms of attack. This paper examines the Internet's routing architecture and the design of BGP in particular, and surveys the work to date on securing BGP. To date no proposal has been seen as offering a combination of adequate security functions, suitable performance overheads and deployable support infrastructure. Some open questions on the next steps in the study of BGP security are posed.

    INDEX TERMS
      Author Keywords
      BGP , BGP security , Computer Network Protocols , IP networks , Inter-domain routing security , Internet , Measurement , Protocols , Routing , Routing protocols , Security , routing

A Technique for Reducing BGP Update Announcements through Path Exploration Damping 2010

    A Technique for Reducing BGP Update Announcements through Path Exploration Damping
    Huston, G.; Rossi, M.; Armitage, G.;
    Published in: IEEE Journal on Selected Areas in Communications
    Volume: 28, Issue: 8
    Page(s): 1271 - 1286
    Issue Date: October 2010
    ISSN: 0733-8716
    Publication Year: 2010
    Date of Publication: 27 September 2010
    Digital Object Identifier: 10.1109/JSAC.2010.101005
    INSPEC Accession Number: 11556754
    ABSTRACT

      This paper defines and evaluates Path Exploration Damping (PED) - a router-level mechanism for reducing the volume of propagation of likely transient update messages within a BGP network and decreasing average time to restore reachability compared to current BGP Update damping practices. PED selectively delays and suppresses the propagation of BGP updates that either lengthen an existing AS Path or vary an existing AS Path without shortening its length. We show how PED impacts on convergence time compared to currently deployed mechanisms like Route Flap Damping (RFD), Minimum Route Advertisement Interval (MRAI) and Withdrawal Rate Limiting (WRATE). We replay Internet BGP update traffic captured at two Autonomous Systems to observe that a PED-enabled BGP speaker can reduce the total number of BGP announcements by up to 32% and reduce Path Exploration by 77% compared to conventional use of MRAI. We also describe how PED can be incrementally deployed in the Internet, as it interacts well with prevailing MRAI deployment, and enables restoration of reachability more quickly than MRAI.

    INDEX TERMS

      INSPEC
      Controlled Indexing
      Internet , Internet , routing protocols
       
      Non Controlled Indexing
      BGP , BGP , BGP network , BGP update announcements , Internet , MRAI , WRATE , border gateway protocol , inter-domain routing protocol , minimum route advertisement interval , path exploration damping , route flap damping , router-level mechanism , transient update messages , withdrawal rate limiting
       
      Author Keywords
      Border Gateway Protocol (BGP), Border Gateway Protocol (BGP) , Internetworking , Minimum Route Advertisement Interval (MRAI) , Path Exploration Damping , Route Flap Damping (RFD) , Routing

Resource Certification - A Public Key Infrastructure for IP Addresses and AS's 2009

    Resource Certification - A Public Key Infrastructure for IP Addresses and AS's
    Huston, G.; Michaelson, G.; Kent, S.;
    Published in: IEEE Conferences, GLOBECOM Workshops, 2009 IEEE
    Issue Date: Nov. 30 2009-Dec. 4 2009 Page(s): 1 - 6
    Digital Object Identifier: 10.1109/GLOCOMW.2009.5360715
    Publication Year: 2009
    Print ISBN: 978-1-4244-5626-0
    INSPEC Accession Number: 11036805
    Date of Current Version: 28 December 2009
    ABSTRACT

      We examine a form of an X.509 Public Key certificate that is used to bind IP address and AS number resources to a public/private key pair. These certificates are used to attest to resource allocation actions, so that digitally signed attestations relating to a party's right-of-use of IP addresses and AS numbers can be validated by relying parties, using a related Resource Certificate Public Key Infrastructure. This has particular application in the area of demonstrable attestations related to the right-of-use of IP addresses, and in the area of inter-domain routing security. The issues related to the application of this PKI to inter-domain routing security are considered, and the design, management and use of resource certificates, and the structure of the related Public Key Infrastructure are described in detail.

    INDEX TERMS
      INSPEC
      Controlled Indexing
      IP networks , telecommunication network routing , telecommunication security
       
      Non Controlled Indexing
      IP addresses , inter-domain routing security , management , public/private key pair , resource certificates , resource certification public key infrastructure

TCP in a wireless world 2001