Home | Background | Downloads | HOWTO | IRL

Prefix Hijacking: The Internet's global routing system is built upon the Border Gateway Protocol (BGP). BGP breaks routing entities up into logical nodes called Autonomous Systems (or ASes). Each of these ASes that offers connectivity to a set of IP addresses advertises this by "announcing IP prefix(es)" to contiguous block(s) of addresses.

Modern BGP lacks any facility to authorize or limit the ability of any AS to announce any prefix. As a result, any AS can advertize that they are the origin (or owner) AS of any prefix. This could result in a user's inability to reach an important destincation (such as their bank's website), or the case in which a user is misdirected to a malicious server, etc.

This is known as prefix hijacking.

Community Feedback: BGP-Origins provides a framework in which users can use their own PGP/GPG keys to create cryptographic signatures that attest to their opinion about whether a prefix/origin mapping is valid, or invalid. Anyone may query the system (using any DNS client) to determine if there exist any user opinions about a given prefix. More detailed usage is explained on our HOWTO page.

This framework further enables users to create a list of "trust anchors" (or keys of people whose opinions matter to the user) and restrict the system's responses to data that will be useful for each individual.


June 6, 2007: BGP-Origins is presented at NANOG 40
June 5, 2007: BGP-Origins goes live!
For any additional questions or comments, please contact us at:
Eric Osterweil (eoster@cs.ucla.edu)
Dan Massey (massey@cs.colostate.edu)
Beichuan Zhang (bzhang@cs.arizona.edu)
Lixia Zhang (lixia@cs.ucla.edu)