nanog mailing list archives

Re: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks

From: "Lancheng Qin" <qlc19 () mails tsinghua edu cn>
Date: Mon, 20 Nov 2023 18:30:32 +0800 (GMT+08:00)

Hi Amir,

I really enjoy reading this paper, and I’m interested in your design of preventing attribute manipulations and route
leaks.

I think BGP-iSec is useful under a Global Attacker. But I have some concerns about using ProConIP-list under a Full
Attacker (in Sec. III-B). Using ProConIP-list requires the origin AS clearly knows its provider cone, which is
challenging in practice. Although we can use CAIDA topology to infer the provider cone of an AS, some provider-customer
relationships may not be discovered by CAIDA topology or other existing AS relationship inference algorithms. If the
ProConIP-list is not accurate or complete (i.e., covering all BGP-iSec-adopting ASes in the provider cone), it may
cause legitimate BGP announcements to be dropped. Compared to publishing the whole provider cone, ASPA requires an AS
to publish its provider ASes, which is easier and more feasible. Can we use BGP-iSec and ASPA together? Would that be
more beneficial?

BTW, I will also present my new work on routing security in NDSS’2024. Looking forward to discussing more with you in
San Diego:)

Best,

Lancheng Qin

-----原始邮件-----
发件人:"Amir Herzberg" <amir.lists () gmail com>
发送时间:2023-11-11 07:02:48 (星期六)
收件人: NANOG <nanog () nanog org>
主题: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks

Hi NANOGers,

We will present our new work, titled: `BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks', in
NDSS'24.

If you're interested in security of Internet routing (BGP), and want a copy, see URL below, drop me a message/email -
or see us in the conference - or just read the final version.

Available from:
https://www.researchgate.net/publication/375553362_BGP-iSec_Improved_Security_of_Internet_Routing_Against_Post-ROV_Attacks

Amir Herzberg

Comcast professor of Security Innovations, Computer Science and Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography' textbook and lectures:https://sites.google.com/site/amirherzberg/cybersecurity

Current thread:

BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks Amir Herzberg (Nov 10)
- Re: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks Job Snijders via NANOG (Nov 13)
  - Re: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks Amir Herzberg (Nov 14)
- Re: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks Lancheng Qin (Nov 20)
  - Re: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks Amir Herzberg (Nov 20)
    - Re: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks Tom Beecher (Nov 20)
    - Re: BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks Amir Herzberg (Nov 20)