Abstract
Application-layer and network-layer defenses are critical for fortifying routing attacks.
- Apostolaki, M., Marti, G., Muller, J., and Vanbever, L. SABRE: Protecting Bitcoin against routing attacks. In Proceedings of Network and Distributed System Security Symp., 2019.Google ScholarCross Ref
- Apostolaki, M., Zohar, A., and Vanbever, L. Hijacking Bitcoin: Routing attacks on cryptocurrencies. In Proceedings of IEEE Symp. on Security and Privacy, 2017.Google ScholarCross Ref
- Birge-Lee, H., Sun, Y., Edmundson, A., Rexford, J., and Mittal, P. Bamboozling certificate authorities with BGP. In Proceedings of USENIX Security Symp., 2018.Google Scholar
- Birge-Lee, H., Wang, L., Rexford, J., and Mittal, P. SICO: Surgical interception attacks by manipulating BGP communities. In Proceedings of ACM Con. Computer and Communications Security, 2019.Google ScholarDigital Library
- Boldyreva, A. and Lychev, R. Provable security of S-BGP and other path vector protocols: Model, analysis and extensions. In Proceedings of ACM Conf. Computer and Communications Security, 2012.Google ScholarDigital Library
- Bush, R. and Austein, R. The Resource Public Key Infrastructure (RPKI) to Router Protocol. RFC 6810, RFC Editor, Jan. 2013.Google Scholar
- Dingledine, R., Mathewson, N., and Syverson, P. Tor: The second-generation onion router. In Proceedings of USENIX Security Symp., 2004.Google ScholarCross Ref
- Gill, P., Schapira, M., and Goldberg, S. Let the market drive deployment: A strategy for transitioning to BGP security. ACM SIGCOMM, 2011.Google ScholarDigital Library
- Goldberg, S. Surveillance without borders: The "traffic shaping" loophole and why it matters. The Century Foundation, 2017.Google Scholar
- Hu, X. and Mao, Z.M. Accurate real-time identification of IP prefix hijacking. In Proceedings of IEEE Symp. on Security and Privacy, 2007.Google ScholarDigital Library
- Kent, S., Lynn, C., and Seo, K. Secure border gateway protocol (S-BGP). IEEE J. Selected Areas in Commun. 18, 4 (2000), 582--592.Google ScholarDigital Library
- Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B., and Zhang, L. PHAS: A prefix hijack alert system. In Proceedings of USENIX Security Symp., 2006.Google Scholar
- Lepinski, M. and Sriram, K. BGPsec Protocol Specification. RFC 8205, RFC Editor, Sept. 2017.Google Scholar
- Lychev, R., Goldberg, S., and Schapira, M. BGP security in partial deployment: Is the juice worth the squeeze? ACM SIGCOMM, 2013.Google ScholarDigital Library
- Qiu, J., Gao, L., Ranjan, S., and Nucci, A. Detecting bogus BGP route information: Going beyond prefix hijacking. SecureComm, 2007.Google ScholarCross Ref
- Reuter, A., Bush, R., Cunha, I., Katz-Bassett, E., Schmidt, T.C., and Wahlisch, M. Towards a rigorous methodology for measuring adoption of RPKI route validation and filtering. ACM SIGCOMM Computer Commun. Rev. 48, 1 (2018), 19--27.Google ScholarDigital Library
- Scheitle, Q. et al. A first look at certification authority authorization (CAA). SIGCOMM Comput. Commun. Rev., 48(2):10--23, May 2018.Google ScholarDigital Library
- Schlinker, B., Arnold, T., Cunha, I., and Katz-Bassett, E. PEERING: Virtualizing BGP at the edge for research. In Proceedings of ACM SIGCOMM CoNEXT Conf. Dec. 2019.Google ScholarDigital Library
- Shi, X., Xiang, Y., Wang, Z., Yin, X., and Wu, J. Detecting prefix hijackings in the Internet with Argus. In Proceedings of Internet Measurement Conf., 2012.Google ScholarDigital Library
- Snijders, J. Practical everyday BGP filtering with AS PATH filters: PeerLocking. NANOG-67, Chicago, June, 2016.Google Scholar
- Sun, Y., Edmundson, A., Feamster, N., Chiang, M., and Mittal, P. Counter-RAPTOR: Safeguarding Tor against active routing attacks. In Proceedings of IEEE Symp. Security and Privacy, 2017.Google ScholarCross Ref
- Sun, Y., Edmundson, A., Vanbever, L., Li, O., Rexford, J., Chiang, M., and Mittal, P. RAPTOR: Routing attacks on privacy in Tor. In Proceedings of USENIX Security Symp., 2015.Google Scholar
- Tan, H., Sherr, M., and Zhou, W. Data-plane defenses against routing attacks on Tor. In Privacy Enhancing Technologies Symp., 2016.Google ScholarCross Ref
- Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M. and Bush, R. iSpy: Detecting IP prefix hijacking on my own. ACM SIGCOMM, 2008.Google ScholarDigital Library
- Zheng, C., Ji, L., Pei, D., Wang, J., and Francis, P. A lightweight distributed scheme for detecting IP prefix hijacks in real-time. ACM SIGCOMM, 2007.Google Scholar
- Birge-Lee, H., Wang, L., McCarney, D., Shoemaker, R., Rexford, J., and Mittal, P. Experiences deploying multi-vantage-point domain validation at Let's Encrypt. In Proceedings of USENIX Security Symp., 2021Google Scholar
Index Terms
- Securing internet applications from routing attacks
Recommendations
Securing web applications from injection and logic vulnerabilities
Context: Web applications are trusted by billions of users for performing day-to-day activities. Accessibility, availability and omnipresence of web applications have made them a prime target for attackers. A simple implementation flaw in the ...
Securing Structured Overlays against Identity Attacks
Structured overlay networks can greatly simplify data storage and management for a variety of distributed applications. Despite their attractive features, these overlays remain vulnerable to the Identity attack, where malicious nodes assume control of ...
Comments