Research On Security Monitoring Technologies For Inter-domain Routing In The Internet

Posted on: 2009-12-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Liu
GTID: 1118360278957121
Subject: Computer Science and Technology

Abstract/Summary:
Nowadays, the Internet has become vital to national economic and social development, and a great number of critical applications are flourishing on it, such as e-finance, e-commerce, e-government, tele-medicine, and so on. However, although it is an important component of the critical Internet infrastructure, the BGP routing system lacks the necessary security mechanisms, and malicious autonomous system (AS) operators may arbitrarily announce, intercept or tamper with BGP routes. As a result, the routing system of the Internet is confronted with serious security threats.

In recent years, the BGP routing system has suffered several routing security incidents, especially prefix hijacking. These events have drawn great attention in both industry and academia to security issues in the BGP routing system, and several security extensions for BGP have been proposed. So far, however, none of them has been widely deployed. In this situation, BGP security monitoring is a really effective technical approach. Given the characteristics of the security problems in the BGP protocol and of BGP security monitoring technologies, there are many challenging research issues in BGP security monitoring.

In this thesis, we have studied some key technologies in the field of BGP security monitoring, mainly the methods used to verify the validity of routes on the part of BGP receivers, to detect prefix hijacking on the part of BGP announcers, and to evaluate the security situation of the BGP routing system. Our major contributions and innovations are as follows:

Considering the difficulties BGP route receivers face in validating the routes they receive, we propose the E-IRR method, which is based on prefix policies for validating BGP routes. Drawing on the principle of registering routing policy used in the Internet Routing Registry (IRR) mechanism, E-IRR uses prefix policies to represent how AS operators use their IP address spaces. Furthermore, the method adopts "Preemptive Registering" to ensure the effectiveness of prefix policies and aims to build global, reliable information on the ownership of all prefixes; it can thereby help Internet operators validate the routes they receive. Compared with current route-validating methods for BGP, E-IRR has the following three advantages. First, because it extends the Routing Policy Specification Language (RPSL) to describe prefix policies, E-IRR can describe the IP address space held by ASes and its usage modes at a higher level without revealing any private information. Second, the more ISPs publish their prefix policies through E-IRR, the more ISPs are attracted to use it, and vice versa. In this way, the validity of the registered prefix policies can be guaranteed. Third, without any security extensions to BGP, E-IRR strikes a good balance between the ability to secure BGP routing and the practical needs of deployment.

To address the difficulties BGP route announcers currently face in detecting prefix hijacks, we propose the Co-Monitor scheme, a new method based on the cooperation of multiple ASes to detect prefix hijacking. Given that the BGP routing system is autonomous, the method regards the ability of every AS to monitor its local BGP routing domain as a type of resource, and encourages all participating ASes to provide these resources in order to monitor their prefixes cooperatively. It can therefore enlarge the monitoring scope of a single participant without leaking any private routing information, and help participants discover prefix hijacks against them in real time. In comparison with current hijacking detection approaches, Co-Monitor performs better in at least two respects. First, Co-Monitor can provide all joined ASes with a wider monitoring range of BGP routing and capture more BGP route diversity, so it can help reduce the false negative ratio in prefix hijacking detection. Second, Co-Monitor does not require the monitored BGP routers to publish their private routes, and the information the participants exchange with each other contains only BGP origin changes. Because none of the information exchanged in Co-Monitor refers to any concrete BGP routes, the privacy of participants is not revealed.

To evaluate security threat situations in the BGP routing system, we propose the SEM method, which is based on route status. The method can provide Internet operators with intuitive state curves for routing security at various granularities. Based on the route status tree derived from the hierarchical characteristics implicit in the BGP routing system, SEM can describe the hierarchical relationship of the various routing entities in it, and store and record the security states of routes for every routing entity. Finally, the method can compute the routing security state of every entity according to the detected anomalous BGP routes. Our experiments show that SEM can evaluate security threat situations at three levels: BGP routers, ASes and the whole BGP routing system.

To satisfy the BGP security monitoring requirements of national backbone networks, we design and implement RouSSeau, which stands for Routing Security Situation Awareness, Assessment, and Visualization. The system has a modular, layered design and implements the above three methods. It can provide security threat situation analysis for the BGP routing system of national backbone networks.

In summary, we have not only studied the security problems of Internet inter-domain routing and BGP security monitoring technologies, but have also proposed effective solutions to verify BGP routes, to detect prefix hijacks, to evaluate security threat situations, and so on. They are of great significance in both theory and practice for promoting research on security issues in BGP and the practicality of BGP security monitoring technology.
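
The cooperative origin-change monitoring that the abstract describes for Co-Monitor, as an added Python example that is not code from the thesis: the `Participant` class, the report fields and the owner-side `check_report` function are hypothetical, since the abstract does not specify the message format or who evaluates reports. It shows a sub-prefix announcement that only one participant's local view contains, reported without exposing that participant's AS path.

```python
import ipaddress

class Participant:
    """A cooperating AS (hypothetical model): watches its local BGP view and
    shares only origin changes for the prefixes it was asked to watch."""
    def __init__(self, asn, watched):
        self.asn, self.watched, self.origins = asn, watched, {}

    def observe(self, prefix, as_path):
        """Process a locally seen route; return an origin-change report or None."""
        net, origin = ipaddress.ip_network(prefix), as_path[-1]
        if not any(net.version == w.version and net.subnet_of(w) for w in self.watched):
            return None                      # outside the monitored address space
        old, self.origins[net] = self.origins.get(net), origin
        if old == origin:
            return None                      # no origin change, nothing to share
        # The AS path stays local; the report carries prefix and origins only.
        return {"reporter": self.asn, "prefix": net, "old": old, "new": origin}

def check_report(owner_prefixes, report):
    """Owner side: flag a reported origin that is not legitimate for its space."""
    net = report["prefix"]
    for owned, legit in owner_prefixes.items():
        covered = net.version == owned.version and net.subnet_of(owned)
        if covered and report["new"] not in legit:
            kind = "exact-prefix" if net == owned else "sub-prefix"
            return f"{kind} hijack suspected: {net} originated by AS{report['new']}"
    return None

def run_demo():
    # Constructed data: documentation prefixes, reserved/private AS numbers.
    owner_prefixes = {ipaddress.ip_network("192.0.2.0/24"): {64500}}
    p1, p2 = (Participant(a, set(owner_prefixes)) for a in (64501, 64502))
    feed = [  # (observer, prefix, AS path seen locally)
        (p1, "192.0.2.0/24", [64501, 64500]),
        (p2, "192.0.2.0/24", [64502, 64510, 64500]),
        (p2, "192.0.2.128/25", [64502, 64666]),    # visible only in p2's view
        (p1, "198.51.100.0/24", [64501, 64999]),   # not monitored, ignored
    ]
    alerts = []
    for observer, prefix, path in feed:
        report = observer.observe(prefix, path)
        alert = check_report(owner_prefixes, report) if report else None
        if alert:
            alerts.append(alert)
    return alerts
```

Calling `run_demo()` returns the single alert raised for the more-specific `/25`, which the prefix owner would have missed if only `p1`'s view were available.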
Keywords/Search Tags: Border Gateway Protocol, BGP Routing System, Prefix Hijacking, BGP Security Monitoring, Security Threat Situation