We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP

by Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 146 - Number 1
Year of Publication: 2016
Authors: Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega
10.5120/ijca2016910604

Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega . A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP. International Journal of Computer Applications. 146, 1 ( Jul 2016), 23-27. DOI=10.5120/ijca2016910604

@article{ 10.5120/ijca2016910604,
author = { Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega },
title = { A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP },
journal = { International Journal of Computer Applications },
issue_date = { Jul 2016 },
volume = { 146 },
number = { 1 },
month = { Jul },
year = { 2016 },
issn = { 0975-8887 },
pages = { 23-27 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume146/number1/25363-2016910604/ },
doi = { 10.5120/ijca2016910604 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:49:07.385241+05:30
%A Stephen Brako Oti
%A Isaac Bansah
%A Tonny M. Adegboyega
%T A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP
%J International Journal of Computer Applications
%@ 0975-8887
%V 146
%N 1
%P 23-27
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Cloud IaaS service providers offer virtualized computing resources to enterprises over the internet. As with most internet based services, cloud service providers may need to establish BGP peering relationships with upstream/neighbor ISPs for the purposes of exchanging routing information between their respective Autonomous systems thereby making it possible for a rogue AS to carry out a Man-In-The-Middle (MITM) attack. Available literature supports the fact that BGP as an infrastructure protocol is vulnerable to MITM attacks yet a good number of proposals aimed at counteracting these attacks have not been fully implemented. Secure BGP, Secure Origin BGP and Pretty Secure BGP are all proposals which have not been fully implemented due to high overhead and invariable router load. We believe however that an existing cloud IaaS service provider could mitigate the risk of a MITM attack by optimizing their configurations and ensuring that upstream providers do a proper job filtering prefixes using a prefix-list. This paper presents a GNS-3 simulation of a MITM attack by mimicking a section of the internet and goes on to show how the application of a prefix-list can help mitigate the attack.

References
  1. Rashid, F. Y. (2016) Introducing the 'Treacherous 12,' the top security threats organizations face when using cloud services.http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html
  2. Oti, S.B. and Hayfron-Acquah, J.B., 2014. Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems. Journal of Computer and Communications, 2014.
  3. McCullagh, D. (2008) How Pakistan knocked YouTube offline (and how to make sure it never happens again). http://www.cnet.com/news/how-pakistan-knocked-youtube-offline-and-how-to-make-sure-it-never-happens-again/
  4. Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B. and Zhang, L., 2006, August. PHAS: A Prefix Hijack Alert System. In Usenix Security.
  5. Kent, S., Lynn, C. and Seo, K., 2000. Secure border gateway protocol (S-BGP). Selected Areas in Communications, IEEE Journal on, 18(4), pp.582-592.
  6. Butler, K.R., Farley, T.R., McDaniel, P. and Rexford, J., 2010. A Survey of BGP Security Issues and Solutions. Proceedings of the IEEE, 98(1), pp.100-122.
  7. Zhao, M., Smith, S.W. and Nicol, D.M., 2005. The performance impact of BGP security. IEEE network, 19(6), pp.42-48.
  8. White, R., 2003. Securing BGP through secure origin BGP (soBGP). Business Communications Review, 33(5), pp.47-53.
  9. Wan, T., Kranakis, E. and van Oorschot, P.C., 2005, February. Pretty Secure BGP, psBGP. In NDSS.
  10. Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B. and Zhang, L., 2006, August. PHAS: A Prefix Hijack Alert System. In Usenix Security.
  11. Murphy, S., 2006. BGP security vulnerabilities analysis. https://tools.ietf.org/html/rfc4272.html
  12. Empson, s., Gargano, P., Roth, H., CCNP Routing and Switching Portable Command Guide: Configuration of Redistributionhttp://www.ciscopress.com/articles/article.asp?p=2273507&seqNum=11
Index Terms

Computer Science
Information Sciences

Keywords

BGP security Cloud Services Prefix-List Secure BGP Session Hijacking.

Powered by PhDFocusTM