Dissertation/Thesis Abstract

ROVER: A DNS-based method to detect and prevent IP hijacks
by Gersch, Joseph E., Ph.D., Colorado State University, 2013, 179; 3608195
Abstract (Summary)

The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic.

In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators.

Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non- participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Inter- net scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability.

Indexing (document details)
Advisor: Massey, Daniel
Commitee: Hayne, Stephen, Papadopoulos, Christos, Strout, Michelle
School: Colorado State University
Department: Computer Science
School Location: United States -- Colorado
Source: DAI-B 75/04(E), Dissertation Abstracts International
Subjects: Information science, Computer science
Keywords: Border gateway protocol, Domain name system, Internet protocol hijacking, Route origin verification system, Security, Simulation
Publication Number: 3608195
ISBN: 978-1-303-66151-8
Copyright © 2020 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy