Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

Route Leaks Identification by Detecting Routing Loops

  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_17,
        author={Song Li and Haixin Duan and Zhiliang Wang and Xing Li},
        title={Route Leaks Identification by Detecting Routing Loops},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={AS relationship, Routing policies, Route leaks, Routing loops, Identification},
        doi={10.1007/978-3-319-28865-9_17}
    }
    
  • Song Li, Haixin Duan, Zhiliang Wang, Xing Li (2016). Route Leaks Identification by Detecting Routing Loops. SECURECOMM. Springer. DOI: 10.1007/978-3-319-28865-9_17
Song Li¹*, Haixin Duan¹*, Zhiliang Wang¹*, Xing Li¹*
  • ¹ Tsinghua University
*Contact email: lisong10@mails.tsinghua.edu.cn, duanhx@tsinghua.edu.cn, wzl@csnet1.cs.tsinghua.edu.cn, Xing@cernet.edu.cn

Abstract

Route leaks have become an important security problem in inter-domain routing. In recent years, operators have increasingly suffered from both large-scale and small-scale route leak incidents. Route leaks can redirect traffic to unintended networks, which puts the traffic at risk of man-in-the-middle attacks. Unlike other security threats such as prefix hijacking, which advertises bogus BGP routes, route leaks announce routes to BGP neighbors that are true but violate routing policies. Since routing policies are usually kept confidential, detecting route leaks in the Internet is a challenging problem. In this paper, we reveal a link between routing loops and route leaks. We find that some route leaks may cause routing loops. Hence, detecting routing loops is expected to be able to identify route leaks. We provide theoretical analysis to confirm this expectation, and further propose a detection mechanism which can identify the leaked route as well as the perpetrator AS. Our mechanism does not require information about routing policies. It passively monitors BGP routes to detect route leaks, and hence it is lightweight and easy to deploy. The evaluation results show that our mechanism can detect a lot of route leaks that occur in the Internet per day.