CIS Home  |   Penn Engineering  |   Penn

QTM: Autonomous System Reputation (AS-CRED)

The Border Gateway Protocol (BGP) is the standard communication protocol for interconnecting large IP domains, called Autonomous Systems (AS). BGP operates by exchanging updates between ASes; which contains reachability information for prefixes (IP address blocks). The current design of BGP implicitly requires the existence of complete trust between ASes exchanging BGP routing information, which is a cause for concern given the tendency of many ASes to announce invalid BGP updates for some or all of their prefixes.

A valid update is defined as satisfying two conditions: (1) Accuracy : it provides accurate routing information (e.g., prefix hijacking), and (2) Necessity : the update itself is necessary for the correct operation of the Internet (e.g., it is not part of a sequence of short duration prefix announcements and withdrawals). Much work has been done in detecting occurrence of invalid updates in the Internet. These solutions however are limited to detecting inaccurate updates (e.g., prefix hijacking), none of them are designed to address the necessity aspect of update validity.

In order to remedy this situation, we have developed AS-CRED, a reputation management and alert service for Autonomous Systems. It quantifies the level of "cred"(trust) one can have in an AS' tendency to announce valid updates. Trust in AS-CRED is represented using a predictive metric called reputation . To compute the reputation of an AS, AS-CRED analyzes the updates announced by the AS, over a time-window based on well-defined properties, provides feedback to a reputation function which computes the reputation value. The reputation values thus computed are used for triggering alerts for any BGP updates received from then on which are predicted to be invalid based on the reputation of the ASes which announced them.

AS-CRED service has many uses: (1) Behavior Metric: Its association of an objective and global trust metric with every observable AS in the Internet allows ASes to not only know about other ASes but also how it itself is perceived. AS can now make better informed decisions in dealing with others and tuning their business, traffic, scalability or security policies, accordingly; (2) White-List: One of the byproducts of reputation computation is a white-list of AS-prefix pairs which are legitimate (stable and legal). The white-list can be used by ASes for tuning their import and export policies: (3) Expanded Alert Service: The alert mechanism is unlike any existing alert systems available, in that: (a) it provides an alert for both inaccurate and unnecessary updates announced, (b) it provides the reputation value for the AS involved along with the alert, which is very useful for understanding the behavior of ASes, and (c) the reputation and alerts can provide effective diagnostic and forensic tool to debug network connectivity issues at Internet scale; (4) Incentivization: The availability of reputation has the potential to provide an incentive for ASes to improve their behavior in the future.

Interested readers should check out the documents below:

  • AS-TRUST: A TRUST QUANTIFICATION SCHEME FOR AUTONOMOUS SYSTEMS IN BGP (Trust'11) - This paper extends the AS-CRED work by considering not only invalid AS-prefix binding but also the presence of valley paths and unstable AS-links in the computation of reputation value for Autonomous Systems. Further, unlike AS-CRED the reputation value computed is normalized and has a probabilistic meaning, providing a complementary (and extended) view of AS reputation.

  • AS-CRED: REPUTATION SERVICE FOR TRUSTWORTHY INTER-DOMAIN ROUTING University of Pennsylvania Technical Report, CIS-MS-10-17, April, 2010 (Submitted to ACM IMC '11) - The paper presents: (1) a reputation service for ASes, characterizing their trustworthiness to announce valid updates; (2) a set of well-defined properties for analyzing AS behavior; (3) a simple reputation function and feedback mechanism; (4) a reputation portal which regularly publishes AS reputation; and (5) a reputation-based alert service which tracks potentially invalid updates in the Internet. Detailed analysis of AS-CRED demonstrates: (a) AS behavior is repetitive making reputation an effective trust metric, and (b) AS-CRED's alerts for invalid updates show dramatic improvement over existing and similar alert systems.

  • AS-CRED: REPUTATION PORTAL AND BGP ALERT SERVICE - A service that provides an reputation repository and alert service for the Autonomous Systems in the Internet. It consists of: (1) a list of five ASes with worst reputations with repect to annoucing unnecessary and inaccurate BGP updates for that day, (2) a query service for obtaining the current reputation values for any active AS in the Internet, and (3) an alert service which records the instances of announcement of potentially inaccurate, unnecessary or new (heretofore) unseen updates.

  • SLIDES - Presented at the MURI Option Review Meeting held on June 10, 2010 at the University of Pennsylvania, Philadelphia, PA.

CIS Home  |   Penn Engineering  |   Penn