nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Client Side Localization of BGP Hijack Attacks with a Quasi-realistic Internet Graph

verfasst von : Paulo Salvador

Erschienen in: E-Business and Telecommunications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Internet routing relies completely on the Border Gateway Protocol (BGP) which is inherently insecure and allow the deployment of route hijacking attacks. The client side detection of such type of attacks can be achieved by detecting Round Trip Time (RTT) deviations from multiple points on the Internet to the target network. However, the localization of the autonomous systems where the attack originates can only be performed with an underlying realistic and precise model of the Internet interconnections. A usable and useful realistic Internet interconnections model does not exist. The existing interconnection models are to simplistic to be applicable in real scenarios and/or incorporate to much uncorrelated information that cannot be used due to its complexity.

This work presents a client side methodology to locate the source of BGP hijack attacks based on a quasi-realist graph that models the Internet as an all. The construction of such graph builds upon all known Internet exchange points (IX) and landing points of all known submarine cables. The lack of information about interconnections between Internet exchangers (IX) nodes and landing points is extrapolated from simple rules that take in consideration Earth geographic characteristics. This approach results in a graph that includes all major corner stones of the Internet while maintaining a simple structure. This underlying quasi-realist graph model of the Internet will allow the search for IX nodes where a false route could be injected to create a similar RTT anomaly observed during an attack.

With very simplistic assumptions as similar node, link loads and symmetric routing by the shortest path, and calibration using a relatively small set of world-scale measurements, the proof-of-concept results show that the model allows to locate the source of routing hijack attacks within a reasonable degree of efficiency.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Ka-band High Throughput Satellites for 5G Based Applications: The Athena-Fidus Case Study

Pilosov, A., Kapela, T.: Stealing the internet - an internet-scale man in the middle attack. In: DEFCON 2016, August 2008

Cowie, J.: The New Threat: Targeted Internet Traffic Misdirection. Dyn Blog, November 2013. http://dyn.com/blog/mitm-internet-hijacking/

Madory, D.: On-going BGP Hijack Targets Palestinian ISP. Dyn Blog, January 2015. http://dyn.com/blog/going-bgp-attack-targets-palestinian-isp/

Madory, D.: UK traffic diverted through Ukraine. Dyn Blog, March 2015. http://dyn.com/blog/uk-traffic-diverted-ukraine/

Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M., Bush, R.: iSPY: detecting IP prefix hijacking on my own. IEEE/ACM Trans. Netw. 18(6), 1815–1828 (2010)CrossRef

Liu, Y., Luo, X., Chang, R., Su, J.: Characterizing inter-domain rerouting by betweenness centrality after disruptive events. IEEE J. Sel. Areas Commun. 31(6), 1147–1157 (2013)CrossRef

Salvador, P., Nogueira, A.: Customer-side detection of internet-scale traffic redirection. In: 16th International Telecommunications Network Strategy and Planning Symposium (NETWORKS 2014), September 2014

Silva, M., Nogueira, A., Salvador, P.: Modular platform for customer-side detection of BGP redirection attacks. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, pp. 199–206. INSTICC, SciTePress (2018)

Salvador, P.: A quasi-realistic internet graph. In: Proceedings of the 14th International Joint Conference on e-Business and Telecommunications (ICETE 2017), pp. 27–32 (2017)

10.

Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B., Zhang, L.: PHAS: a prefix hijack alert system. In: Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15. USENIX-SS 2006. USENIX Association, Berkeley (2006). http://dl.acm.org/citation.cfm?id=1267336.1267347

11.

Schlamp, J., Holz, R., Jacquemart, Q., Carle, G., Biersack, E.W.: HEAP: reliable assessment of BGP hijacking attacks. IEEE J. Sel. Areas Commun. 34(6), 1849–1861 (2016)CrossRef

12.

Kasiviswanathan, S.P., Eidenbenz, S., Yan, G.: Geography-based analysis of the internet infrastructure. In: 2011 Proceedings IEEE INFOCOM, pp. 131–135, April 2011

13.

Mátray, P., Hága, P., Laki, S., Csabai, I., Vattay, G.: On the network geography of the internet. In: 2011 Proceedings IEEE INFOCOM, pp. 126–130, April 2011

14.

Landa, R., Araújo, J.T., Clegg, R.G., Mykoniati, E., Griffin, D., Rio, M.: The large-scale geography of internet round trip times. In: 2013 IFIP Networking Conference, pp. 1–9, May 2013

15.

Durairajan, R., Ghosh, S., Tang, X., Barford, P., Eriksson, B.: Internet Atlas: a geographic database of the internet. In: Proceedings of the 5th ACM Workshop on HotPlanet, HotPlanet 2013, pp. 15–20. ACM, New York (2013). https://doi.org/10.1145/2491159.2491170

16.

Durairajan, R., Barford, P., Sommers, J., Willinger, W.: Intertubes: a study of the us long-haul fiber-optic infrastructure. SIGCOMM Comput. Commun. Rev. 45(4), 565–578 (2015). https://doi.org/10.1145/2829988.2787499CrossRef

17.

Alexander, J.: Loxodromes: A rhumb way to go. Mathematics Magazine 77, December 2004

Titel: Client Side Localization of BGP Hijack Attacks with a Quasi-realistic Internet Graph
verfasst von: Paulo Salvador
Verlag: Springer International Publishing
Buch: E-Business and Telecommunications
Print ISBN: 978-3-030-11038-3

Electronic ISBN: 978-3-030-11039-0

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-11039-0_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"