116 Hits in 3.1 sec

A Survey of BGP Security Issues and Solutions

K. Butler, T.R. Farley, P. McDaniel, J. Rexford
2010 Proceedings of the IEEE  
We explore the limitations and advantages of proposed security extensions to BGP, and explain why no solution has yet struck an adequate balance between comprehensive security and deployment cost.  ...  Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing interdomain routing.  ...  and Garcia-Luna-Aceves [32] , [33] proposed five countermeasures to secure interdomain routing.  ... 
doi:10.1109/jproc.2009.2034031 fatcat:55lyamp4vbhq5dqwipcima5q2i

IP prefix hijacking detection using the collection of as characteristics

Seong-Cheol Hong, James Won-Ki Hong, Hongtaek Ju
2011 2011 13th Asia-Pacific Network Operations and Management Symposium  
IP prefix hijacking is a well-known security threat that corrupts Internet routing tables and has some common characteristics such as MOAS conflicts and invalid routes in BGP messages.  ...  In this paper, we present the method of collecting network fingerprints for verifying destination reachability and also propose an IP prefix hijacking detection method using the collected fingerprints.  ...  To mitigate the impact of incorrect routing information, some BGP extensions have been proposed, such as Secure BGP (S-BGP) [3] and Secure Origin BGP (soBGP) [4] .  ... 
doi:10.1109/apnoms.2011.6077014 dblp:conf/apnoms/HongHJ11 fatcat:h4fozsom35e5fdpbvbyxviwnny

A survey on the recent efforts of the Internet Standardization Body for securing inter-domain routing

M.S. Siddiqui, D. Montero, R. Serral-Gracià, X. Masip-Bruin, M. Yannuzzi
2015 Computer Networks  
We also discuss the post SIDR inter-domain routing unresolved security challenges along with the deployment and adoption challenges of SIDR's proposals.  ...  In this paper, we survey the efforts of the SIDR WG including, the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), for securing the BGP protocol  ...  Government under contract 2009 SGR1508, the IST Open-LAB Project under contract FP7-287581, and Cisco Systems through a Cisco RFP grant.  ... 
doi:10.1016/j.comnet.2015.01.017 fatcat:ed5w2mpo5neu7hseztvixjkmbm

Secure traceroute to detect faulty or malicious routing

Venkata N. Padmanabhan, Daniel R. Simon
2003 Computer communication review  
To this end, we propose a different approach, the central idea of which is a secure traceroute protocol that enables end hosts or routers to detect and locate the source of (arbitrarily severe) routing  ...  The existing approach to addressing this problem is to secure the routing protocol by having it validate routing updates, i.e., verify their authenticity, accuracy, and/or consistency.  ...  Acknowledgements We would like to thank John Douceur, Jitu Padhye, Lili Qiu, Stefan Saroiu, and the anonymous HotNets reviewers for their useful feedback on an earlier version of this paper.  ... 
doi:10.1145/774763.774775 fatcat:4zbdjphiv5fpxj5kqrbeabmyy4

Exploring the Attack Surface of Blockchain: A Systematic Overview [article]

Muhammad Saad, Jeffrey Spaulding, Laurent Njilla, Charles Kamhoua, Sachin Shetty, DaeHun Nyang, Aziz Mohaisen
2019 arXiv   pre-print
A secondary contribution of this work is outlining effective defense measures taken by the Blockchain technology or proposed by researchers to mitigate the effects of these attacks and patch associated  ...  stale blocks, block ingestion, wallet thefts, smart contract attacks, and privacy attacks.  ...  Heilman [140] and Solat and Potop-Butucaru [142] proposed countermeasures for selfish mining and block withholding.  ... 
arXiv:1904.03487v1 fatcat:bo67ns67enh3dpzzlmkbtbgx6i

Locating Prefix Hijackers using LOCK

Tongqing Qiu, Lusheng Ji, Dan Pei, Jia Wang, Jun (Jim) Xu, Hitesh Ballani
2009 USENIX Security Symposium  
Moreover, LOCK is robust against various countermeasures that the hijackers may employ.  ...  A number of measurement based solutions have been proposed to detect prefix hijacking events.  ...  Acknowledgement Tongqing Qiu and Jun Xu are supported in part by NSF grants CNS-0519745, CNS-0626979, CNS-0716423, and CAREER Award ANI-023831.  ... 
dblp:conf/uss/QiuJPWXB09 fatcat:pygyxgxzenf3rhn67nkiuehhsq

Decoupling policy from mechanism in Internet routing

Alex C. Snoeren, Barath Raghavan
2004 Computer communication review  
End users and ISPs alike have little control over how their packets are handled outside of their networks, stemming in part from limitations of the current wide-area routing protocol, BGP.  ...  As a concrete mechanism for enforcing forwarding policy, we propose the concept of a network capability that binds together a path request, an accountable resource principal, and an authorizing agent.  ...  due to security concerns 1 .  ... 
doi:10.1145/972374.972389 fatcat:uois6lx2wncfnjxflfqlw5yy3y

A Stealthier Partitioning Attack against Bitcoin Peer-to-Peer Network

Muoi Tran, Inho Choi, Gi Jun Moon, Anh V. Vu, Min Suk Kang
2020 2020 IEEE Symposium on Security and Privacy (SP)  
., a network adversary exploits a BGP vulnerability and performs a prefix hijacking attack (viz. Apostolaki et al. [3]).  ...  Due to the nature of BGP operation, such a hijacking is globally observable and thus enables immediate detection of the attack and the identification of the perpetrator.  ...  We thank Matt Corallo and other Bitcoin core developers for the discussion on countermeasures [C3] and [C4]. This research is supported by the CRYSTAL Centre at National University of Singapore.  ... 
doi:10.1109/sp40000.2020.00027 dblp:conf/sp/TranCMVK20 fatcat:4ii5sr4vzvaglgoyymcdz6exdm

An incrementally deployable anti-spoofing mechanism for software-defined networks

Jonghoon Kwon, Dongwon Seo, Minjin Kwon, Heejo Lee, Adrian Perrig, Hyogon Kim
2015 Computer Communications  
It causes many serious security problems such as the difficulty of packet authenticity and IP traceback.  ...  While many IP spoofing prevention techniques have been proposed apart from ingress filtering, none have achieved widespread real-world use.  ...  A preliminary version of this paper appeared in ACM Symp. on Information, Computer and Communication Security 2007 [88] .  ... 
doi:10.1016/j.comcom.2015.03.003 fatcat:z6pemfhr7ffvbilp55sflymou4

Blockchain System Defensive Overview for Double-Spend and Selfish Mining Attacks: A Systematic Approach

Kervins Nicolas, Yi Wang, George C. Giakos, Bingyang Wei, Hongda Shen
2020 IEEE Access  
It presents a comparison framework for existing and future research on blockchain security. Finally, some recommendations are proposed for blockchain researchers and developers.  ...  We employed the systematic approach to analyze a total of 40 selected studies using the proposed taxonomy of defensive strategies: monitoring, alert forwarding, alert broadcasting, inform, detection, and  ...  This strategy is ideally integrated for the fork instant and used to identify selfish mining attacks.  ... 
doi:10.1109/access.2020.3047365 fatcat:6ofb6os2mfea7alfc3l4hnbqly

DNSSEC for cyber forensics

Haya Shulman, Michael Waidner
2014 EURASIP Journal on Information Security  
the only proposed defence that enables a posteriori forensic analysis of attacks.  ...  In particular, we review common situations where (1) attackers can frequently obtain MitM capabilities and (2) even weaker attackers can subvert DNS security.  ...  Acknowledgements This research was supported by the German Federal Ministry of Education and Research (BMBF) within EC SPRIDE, and by the Hessian LOEWE excellence initiative within CASED.  ... 
doi:10.1186/s13635-014-0016-2 fatcat:kpjll56wkndxzkigwv4mifmaom

Controlling IP Spoofing through Interdomain Packet Filters

Zhenhai Duan, Xin Yuan, J. Chandrashekar
2008 IEEE Transactions on Dependable and Secure Computing  
IDPFs are constructed from the information implicit in BGP route updates and are deployed in network border routers.  ...  In this paper, we propose an inter-domain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet.  ...  ACKNOWLEDGMENT We thank Kihong Park, Heejo Lee, and Ali Selcuk for providing us with the dpf simulation tool, and the Oregon Route Views Project for making BGP routing tables and updates publicly available  ... 
doi:10.1109/tdsc.2007.70224 fatcat:ojxw6vetmje7pjbe2qbhsyt23a

Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

Olivier Bronchain, Charles Momin, Thomas Peters, François-Xavier Standaert
2021 Transactions on Cryptographic Hardware and Embedded Systems  
We then describe and analyze a new mode of operation for which we propose more conservative security parameters and show that it competes with the CHES 2020 one in terms of performances.  ...  We show that the design of this scheme ignores an important attack vector that can significantly reduce its security claims, and that the evaluation of its leakage-resilient PRF is quite sensitive to minor  ...  Acknowledgments Thomas Peters and François-Xavier Standaert are respectively research associate and senior research associate of the Belgian Fund for Scientific Research (F.R.S.-FNRS).  ... 
doi:10.46586/tches.v2021.i3.641-676 fatcat:7bq2ute76jcghnnc4f7563qm3u

Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates

Z. Duan, X. Yuan, J. Chandrashekar
2006 Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications  
IDPFs are constructed from the information implicit in BGP route updates and are deployed in network border routers.  ...  In this paper we propose an inter-domain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet.  ...  ACKNOWLEDGMENT We thank Kihong Park, Heejo Lee, and Ali Selcuk for providing us with the dpf simulation tool, and the Oregon Route Views Project for making BGP routing tables and updates publicly available  ... 
doi:10.1109/infocom.2006.128 dblp:conf/infocom/DuanYC06 fatcat:k7ifqml3cbcmhpydnfuwge53wa

SCION: Scalability, Control, and Isolation on Next-Generation Networks

Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig, David G. Andersen
2011 2011 IEEE Symposium on Security and Privacy  
Both our security analysis and evaluation results show that SCION naturally prevents numerous attacks and provides a high level of resilience, scalability, control, and isolation.  ...  As a result, our architecture provides strong resilience and security properties as an intrinsic consequence of good design principles, avoiding piecemeal add-on protocols as security patches.  ...  ACKNOWLEDGMENTS We gratefully thank John Byers, Virgil Gligor, Marco Gruteser, Srini Seshan, Peter Steenkiste, and Hui Zhang for constructive discussions and insightful suggestions, and the anonymous reviewers  ... 
doi:10.1109/sp.2011.45 dblp:conf/sp/ZhangHHCPA11 fatcat:zrtostb5xvb3jkqe5f23s736ja
« Previous Showing results 1 — 15 out of 116 results