How to Take Back Your Address Space

Abstract:

Preventing adversaries from hijacking address space is important, but network operators are reluctant to deploy secure routing protocols. In this paper, we present Clout, a system that like secure routing protocols prevents prefix hijacking but, in contrast to these protocols, is easily deployable. Clout is deployable by unilateral action from a single party, or multilateral action from a moderate number of independent parties, without requiring changes to BGP or the data plane. In Clout, a collection of networks jointly defends a prefix by simultaneously announcing it in BGP, essentially hijacking the hijacker. Clout relies on the premise that the adversary can be outnumbered, a requirement attainable in practice. Deployment scenarios of Clout are also presented for emergency response and as a long-standing commercial service.