Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems  被引量：1

作　　者：Stephen Brako Oti James Ben Hayfron-Acquah 

机构地区：[1]Computer Science Department, Kwame Nkrumah University of Science & Tech., Kumasi, Ghana [2]Information Technology Department, Methodist University College, Accra, Ghana

出　　处：《Journal of Computer and Communications》2014年第8期10-21,共12页电脑和通信（英文）

摘　　要：The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on CISCO routers representing ASes is carried out. In the end, a workable industry standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on CISCO routers representing ASes is carried out. In the end, a workable industry standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.

关 键 词：Inter-Domain ROUTING SESSION HIJACKING BGP SECURITY Autonomous Systems 

分 类 号：TP39[自动化与计算机技术—计算机应用技术]