PHAS: A Prefix Hijack Alert System

Abstract: 

In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {268895,
author = {Mohit Lad and Daniel Massey and Dan Pei and Yiguo Wu and Beichuan Zhang and Lixia Zhang},
title = {{PHAS}: A Prefix Hijack Alert System},
booktitle = {15th USENIX Security Symposium (USENIX Security 06)},
year = {2006},
address = {Vancouver, B.C. Canada},
url = {https://www.usenix.org/conference/15th-usenix-security-symposium/phas-prefix-hijack-alert-system},
publisher = {USENIX Association},
month = jul
}
Download

Presentation Video

Presentation Audio

Links

Paper: 
http://usenix.org/events/sec06/tech/full_papers/lad/lad.pdf
Paper (HTML): 
http://usenix.org/events/sec06/tech/full_papers/lad/lad_html/index.html