Design of Lightweight Alternatives to Secure Border Gateway Protocol and Mitigate against Control and Data Plane Attacks

FieldValue
dc.contributor.authorIsrar, Junaid
dc.date.accessioned2012-05-01T16:03:41Z
dc.date.available2012-05-01T16:03:41Z
dc.date.created2012
dc.date.issued2012
dc.identifier.urihttp://hdl.handle.net/10393/22812
dc.identifier.urihttp://dx.doi.org/10.20381/ruor-5677
dc.description.abstractBorder Gateway Protocol (BGP) is the backbone of routing infrastructure in the Internet. In its current form, it is an insecure protocol with potential for propagation of bogus routing information. There have been several high-profiles Internet outages linked to BGP in recent times. Several BGP security proposals have been presented in the literature; however, none has been adopted so far and, as a result, securing BGP remains an unsolved problem to this day. Among existing BGP security proposals, Secure BGP (S-BGP) is considered most comprehensive. However, it presents significant challenges in terms of number of signature verifications and deployment considerations. For it to provide comprehensive security guarantees, it requires that all Autonomous Systems (ASes) in the Internet to adopt the scheme and participate in signature additions and verifications in BGP messages. Among others, these challenges have prevented S-BGP from being deployed today. In this thesis, we present two novel lightweight security protocols, called Credible BGP (C-BGP) and Hybrid Cryptosystem BGP (HC-BGP), which rely on security mechanisms in S-BGP but are designed to address signature verification overhead and deployment challenges associated with S-BGP. We develop original and detailed analytical and simulation models to study performance of our proposals and demonstrate that the proposed schemes promise significant savings in terms of computational overhead and security performance in presence of malicious ASes in the network. We also study the impact of IP prefix hijacking on control plane as well as data plane. Specifically, we analyze the impact of bogus routing information on Inter-Domain Packet Filters and propose novel and simple extensions to existing BGP route selection algorithm to combat bogus routing information.
dc.language.isoen
dc.publisherUniversité d'Ottawa / University of Ottawa
dc.subjectBGP
dc.subjectsecurity
dc.subjectRPKI
dc.subjectIP spoofing
dc.subjectS-BGP
dc.subjectC-BGP
dc.titleDesign of Lightweight Alternatives to Secure Border Gateway Protocol and Mitigate against Control and Data Plane Attacks
dc.typeThesis
dc.faculty.departmentScience informatique et génie électrique / Electrical Engineering and Computer Science
dc.contributor.supervisorMouftah, Hussein
dc.embargo.termsimmediate
dc.degree.namePhD
dc.degree.leveldoctorate
dc.degree.disciplineGénie / Engineering
thesis.degree.namePhD
thesis.degree.levelDoctoral
thesis.degree.disciplineGénie / Engineering
uottawa.departmentScience informatique et génie électrique / Electrical Engineering and Computer Science
CollectionThèses, 2011 - // Theses, 2011 -

Files