ABSTRACT
In response to high-profile Internet outages, BGP security variants have been proposed to prevent the propagation of bogus routing information. To inform discussions of which variant should be deployed in the Internet, we quantify the ability of the main protocols (origin authentication, soBGP, S-BGP, and data-plane verification) to blunt traffic-attraction attacks, i.e., attacks in which an attacker deliberately attracts traffic in order to drop, tamper with, or eavesdrop on packets.
Intuition suggests that an attacker can maximize the traffic he attracts by widely announcing a short path that is not flagged as bogus by the secure protocol. Through simulations on an empirically-determined AS-level topology, we show that this strategy is surprisingly effective, even when the network uses an advanced security solution like S-BGP or data-plane verification. Worse yet, we show that these results underestimate the severity of attacks. We prove that finding the most damaging strategy is NP-hard, and show how counterintuitive strategies, like announcing longer paths, announcing to fewer neighbors, or triggering BGP loop-detection, can be used to attract even more traffic than the strategy above. These counterintuitive examples are not merely hypothetical; we searched the empirical AS topology to identify specific ASes that can launch them. Finally, we find that a clever export policy can often attract almost as much traffic as a bogus path announcement. Thus, our work implies that mechanisms that police export policies (e.g., defensive filtering) are crucial, even if S-BGP is fully deployed.