The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire
The vulnerability of the Internet has been demonstrated by prominent IP
prefix hijacking events. Major outages such as the China Telecom incident in
2010 stimulate speculation about malicious intentions behind such anomalies.
Surprisingly, almost all discussions in the current literature assume that
hijacking incidents are enabled by the lack of security mechanisms in the
inter-domain routing protocol BGP. In this paper, we discuss an attacker model
that accounts for the hijacking of network ownership information stored in
Regional Internet Registry (RIR) databases. We show that such threats emerge
from abandoned Internet resources (e.g., IP address blocks, AS numbers). When
DNS names expire, attackers gain the opportunity to take resource ownership by
re-registering domain names that are referenced by corresponding RIR database
objects. We argue that this kind of attack is more attractive than conventional
hijacking, since the attacker can act in full anonymity on behalf of a victim.
Although corresponding incidents have been observed in the past, current
detection techniques are not qualified to deal with these attacks. We show that
they are feasible with very little effort, and analyze the risk potential of
abandoned Internet resources for the European service region: our findings
reveal that currently 73 /24 IP prefixes and 7 ASes are vulnerable to being
stealthily abused. We discuss countermeasures and outline research directions
towards preventive solutions.
Comment: Final version for TMA 201
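The check a registry or network operator would want from this abstract is the one the attacker performs in reverse: walk the RIR objects that govern an address block or AS number, collect the domains in their contact and maintainer e-mail addresses, and flag any resource whose control hangs off a domain that is no longer registered. The script below is an added example by the editor, not code from the paper. The RPSL objects, the handles and the set of lapsed domains are all constructed; in practice that set would come from a registrar (WHOIS) or DNS availability check, which is replaced here by a constant so the script runs offline.

```python
"""Flag RIR resource objects whose contact e-mail domains have lapsed.

Added example by the editor, not code from the paper. The RPSL text and the
set of lapsed domains are constructed; a real run would query WHOIS/DNS.
"""
import re
from collections import defaultdict

# Constructed RPSL objects in the style of a RIPE database dump (hypothetical data).
RPSL_DUMP = """\
inetnum:        192.0.2.0 - 192.0.2.255
admin-c:        EX1-RIPE
tech-c:         EX1-RIPE
mnt-by:         EXAMPLE-MNT

aut-num:        AS64496
admin-c:        OLD1-RIPE
tech-c:         OLD1-RIPE
mnt-by:         OLD-MNT

person:         Example Admin
nic-hdl:        EX1-RIPE
e-mail:         noc@example.net

person:         Former Admin
nic-hdl:        OLD1-RIPE
e-mail:         hostmaster@defunct-isp.example

mntner:         EXAMPLE-MNT
upd-to:         noc@example.net

mntner:         OLD-MNT
upd-to:         abuse@defunct-isp.example
notify:         hostmaster@defunct-isp.example
"""

# Stand-in for a live registration check (constructed): domains that are no
# longer registered and could therefore be re-registered by anyone.
UNREGISTERED_DOMAINS = {"defunct-isp.example"}

RESOURCE_CLASSES = ("inetnum", "inet6num", "aut-num")
EMAIL_ATTRS = ("e-mail", "upd-to", "mnt-nfy", "notify", "abuse-mailbox")
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def parse_rpsl(text):
    """Split an RPSL dump into objects: list of (class, {attribute: [values]}).
    The first attribute of an object names its class."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        cls, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            cls = cls or key
            attrs[key].append(value)
        if cls:
            objects.append((cls, attrs))
    return objects


def contact_domains(objects):
    """Map each person/role handle (nic-hdl) and maintainer name to the
    e-mail domains that object references."""
    domains = {}
    for cls, attrs in objects:
        handle = (attrs.get("nic-hdl") or attrs.get("mntner") or [None])[0]
        if handle is None:
            continue
        found = set()
        for attr in EMAIL_ATTRS:
            for value in attrs.get(attr, []):
                match = EMAIL_RE.search(value)
                if match:
                    found.add(match.group(1).lower())
        domains[handle] = found
    return domains


def abandoned_resources(text, unregistered):
    """Return {resource: [lapsed domains]} for inetnum/inet6num/aut-num objects
    whose contacts (admin-c, tech-c) or maintainers (mnt-by) reference a domain
    that is no longer registered, i.e. whose control could be taken over by
    re-registering that domain."""
    objects = parse_rpsl(text)
    domains = contact_domains(objects)
    flagged = {}
    for cls, attrs in objects:
        if cls not in RESOURCE_CLASSES:
            continue
        referenced = set()
        for attr in ("admin-c", "tech-c", "mnt-by"):
            for handle in attrs.get(attr, []):
                referenced |= domains.get(handle, set())
        lapsed = sorted(d for d in referenced if d in unregistered)
        if lapsed:
            flagged[attrs[cls][0]] = lapsed
    return flagged


if __name__ == "__main__":
    for resource, lapsed in abandoned_resources(RPSL_DUMP, UNREGISTERED_DOMAINS).items():
        print(f"{resource}: contact domains open for re-registration: {lapsed}")
```

On the constructed data AS64496 is flagged, because both its contacts and its maintainer are reachable only through `defunct-isp.example`; the inetnum is not, because `example.net` is still registered. Note that the maintainer's `upd-to`/`notify` addresses matter as much as the person objects: whoever receives the maintainer's mail can typically recover its credentials, which is exactly the anonymous takeover path the abstract describes.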
From BGP to RTT and Beyond: Matching BGP Routing Changes and Network Delay Variations with an Eye on Traceroute Paths
Many organizations have the mission of assessing the quality of broadband
access services offered by Internet Service Providers (ISPs). They deploy
network probes that periodically perform network measurements towards selected
Internet services. By analyzing the data collected by the probes it is often
possible to gain a reasonable estimate of the bandwidth made available by the
ISP. However, it is much more difficult to use such data to explain who is
responsible for the fluctuations of other network qualities. This is especially
true for latency, which is fundamental to many of today's network services. On
the other hand, there are many publicly accessible BGP routers that collect the
history of routing changes and that are good candidates to be used for
understanding if latency fluctuations depend on interdomain routing.
In this paper we provide a methodology that, given a probe that is located
inside the network of an ISP and that executes latency measurements, and given a
set of publicly accessible BGP routers located inside the same ISP, decides which
routers are the best candidates (if any) for studying the relationship between
variations of network performance recorded by the probe and interdomain routing
changes. We validate the methodology with experimental studies based on data
gathered by the RIPE NCC, an organization that is well-known to be independent
and that publishes both BGP data within the Routing Information Service (RIS)
and probe measurement data within the Atlas project.
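As an added sketch of the kind of check such a methodology rests on (the editor's own, not the paper's method, which the abstract does not detail): detect level shifts in a probe's RTT series, then score each candidate BGP router by how well its path changes for the measured prefix line up with those shifts. The RTT series, the router names and the change timestamps below are constructed, and the lead/lag windows are assumptions.

```python
"""Rank an ISP's public BGP routers as candidates for explaining a probe's RTT shifts.

Added example by the editor; the paper's own methodology is not reproduced.
Timestamps are seconds. Series, router names and change times are constructed,
and the lead/lag windows are assumptions.
"""
from statistics import median

# Constructed RTT series (timestamp, rtt_ms): one sample per minute, a step up
# of about 25 ms at t=2400 and back down at t=4800, with a little jitter.
RTT_SAMPLES = (
    [(60 * i, 20.0 + (i % 3) * 0.5) for i in range(0, 40)]
    + [(60 * i, 45.0 + (i % 3) * 0.5) for i in range(40, 80)]
    + [(60 * i, 21.0 + (i % 3) * 0.5) for i in range(80, 120)]
)

# Constructed timestamps of AS-path changes for the measured prefix, per router.
BGP_CHANGES = {
    "rrc-ispA-1": [2370, 4790],        # a change shortly before each RTT shift
    "rrc-ispA-2": [2380],              # explains only the first shift
    "rrc-ispA-3": [900, 3000, 6500],   # unrelated churn
}


def rtt_shifts(samples, window=10, min_delta_ms=10.0):
    """Timestamps of level shifts: points where the median of the next `window`
    samples differs from the median of the previous `window` by at least
    `min_delta_ms`. Consecutive detections around one step are collapsed to
    the middle one, which sits on the step itself."""
    hits, shifts = [], []
    for i in range(window, len(samples) - window + 1):
        before = median(r for _, r in samples[i - window:i])
        after = median(r for _, r in samples[i:i + window])
        if abs(after - before) >= min_delta_ms:
            hits.append(i)
        elif hits:
            shifts.append(samples[hits[len(hits) // 2]][0])
            hits = []
    if hits:
        shifts.append(samples[hits[len(hits) // 2]][0])
    return shifts


def rank_routers(shifts, changes_by_router, lead=300, lag=60):
    """Score each router by recall (fraction of RTT shifts that have one of its
    path changes within [shift - lead, shift + lag]) and precision (fraction of
    its changes that line up with some shift, which penalises noisy routers).
    Returns (router, recall, precision) tuples, best candidate first."""
    def near(change, shift):
        return shift - lead <= change <= shift + lag

    ranking = []
    for router, changes in changes_by_router.items():
        explained = sum(any(near(c, s) for c in changes) for s in shifts)
        matched = sum(any(near(c, s) for s in shifts) for c in changes)
        recall = explained / len(shifts) if shifts else 0.0
        precision = matched / len(changes) if changes else 0.0
        ranking.append((router, recall, precision))
    return sorted(ranking, key=lambda r: (r[1], r[2]), reverse=True)


if __name__ == "__main__":
    shifts = rtt_shifts(RTT_SAMPLES)
    print("RTT shifts at", shifts)
    for router, recall, precision in rank_routers(shifts, BGP_CHANGES):
        print(f"{router}: explains {recall:.0%} of shifts; {precision:.0%} of its changes match")
```

The two scores are deliberately kept apart: a router with constant churn would explain every shift by accident, and only the precision column exposes that. With real RIS and Atlas data the prefix whose path changes are counted should be the one that actually contains the measured target, and the windows should reflect BGP convergence time rather than the round numbers assumed here.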
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and
policy-based decisions simultaneously in path vectors. A complete view of the
Internet backbone routing is given by the collection of all valid routes, which
is infeasible to obtain due to information hiding of BGP, the lack of
omnipresent collection points, and data complexity. Commonly, graph-based data
models are used to represent the Internet topology from a given set of BGP
routing tables but fall short of explaining policy contexts. As a consequence,
routing anomalies such as route leaks and interception attacks cannot be
explained with graphs.
In this paper, we use formal languages to represent the global routing system
in a rigorous model. Our CAIR framework translates BGP announcements into a
finite route language that allows for the incremental construction of minimal
route automata. CAIR preserves route diversity, is highly efficient, and
well-suited to monitor BGP path changes in real-time. We formally derive
implementable search patterns for route leaks and interception attacks. In
contrast to the state-of-the-art, we can detect these incidents. In practical
experiments, we analyze public BGP data over the last seven years.
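To make concrete what a "search pattern for route leaks" over announced paths looks like, here is an added example by the editor. It does not reproduce CAIR's route language, automata or formally derived patterns; it applies the standard valley-free model (a customer exporting a route learned from a provider or peer to another provider or peer) directly to AS paths. The AS numbers, relationships and announcements are constructed.

```python
"""Search AS paths for route-leak patterns under the valley-free model.

Added example by the editor, not CAIR's code; the paper's derived patterns
are not reproduced. Relationships and announcements are constructed.
"""

# Constructed AS relationships: (provider, customer) pairs and unordered peer pairs.
P2C = {(64500, 64501), (64500, 64502), (64501, 64503), (64502, 64504),
       (64503, 64505), (64504, 64505)}
PEERS = {frozenset({64501, 64502}), frozenset({64500, 64510})}


def hop_kind(x, y):
    """Kind of the export x -> y in announcement order (x announces to y)."""
    if (x, y) in P2C:
        return "down"    # provider announcing to its customer: always allowed
    if (y, x) in P2C:
        return "up"      # customer announcing to its provider
    if frozenset({x, y}) in PEERS:
        return "peer"
    return "unknown"


def find_leak(as_path):
    """`as_path` is in BGP AS_PATH order (collector peer first, origin last).
    A valley-free path is zero or more up hops, at most one peer hop, then
    zero or more down hops. Return the AS that exported a route learned from a
    provider or peer to another provider or peer, or None if the path is clean.
    Hops with no relationship data are skipped rather than judged."""
    hops = list(reversed(as_path))           # origin -> ... -> collector peer
    descending = False                       # a peer or down hop has been seen
    for x, y in zip(hops, hops[1:]):
        kind = hop_kind(x, y)
        if kind == "unknown":
            continue
        if kind == "down":
            descending = True
        elif descending:                     # up or peer after down/peer: leak
            return x
        elif kind == "peer":
            descending = True
        # an "up" hop while still ascending is fine
    return None


def scan(announcements):
    """Map each announcement (prefix, AS_PATH) that leaks to the leaking AS."""
    return {prefix: leaker for prefix, path in announcements
            if (leaker := find_leak(path)) is not None}


# Constructed announcements as seen by a collector peering with the first AS.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64500, 64501, 64503]),               # up, up: clean
    ("203.0.113.0/24", [64503, 64501, 64500, 64502, 64504]),  # up, up, down, down: clean
    ("192.0.2.0/24", [64502, 64501, 64500, 64510]),           # 64501 leaks a provider route to a peer
    ("192.0.2.128/25", [64504, 64505, 64503, 64501]),         # 64505 leaks one provider's route to another
]

if __name__ == "__main__":
    for prefix, leaker in scan(ANNOUNCEMENTS).items():
        print(f"{prefix}: leaked by AS{leaker}")
```

The weak point of this graph-style check is the one the abstract names: it needs relationship labels that BGP does not carry, and wherever they are missing (`unknown`) it must stay silent, so a leak across an unlabeled edge is never reported.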
Performance Evaluation of Distributed Security Protocols Using Discrete Event Simulation
The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and costs. The certification path building algorithm that helps users establish trust in certificates in the distributed network environment is particularly complicated. Neither routing security nor PKI comes for free. Prior to this work, research on the performance issues of these large-scale distributed security systems was minimal. In this thesis, we evaluate the performance of BGP security protocols and PKI systems. We answer the questions of how performance affects protocol behavior and how we can improve the efficiency of these distributed protocols to bring them one step closer to reality. The complexity of the Internet makes an analytical approach difficult, and the scale of the Internet makes empirical approaches unworkable as well. Consequently, we take the approach of simulation. We have built simulation frameworks to model a number of BGP security protocols and the PKI system. We have identified performance problems of Secure BGP (S-BGP), a primary BGP security protocol, and proposed and evaluated Signature Amortization (S-A) and Aggregated Path Authentication (APA) schemes that significantly improve the efficiency of S-BGP without compromising security. We have also built a simulation framework for general PKI systems and evaluated certification path building algorithms, a critical part of establishing trust in Internet-scale PKI, and used this framework to improve algorithm performance.
Mining Network Events using Traceroute Empathy
In the never-ending quest for tools that enable an ISP to smooth
troubleshooting and improve awareness of network behavior, much effort has
been devoted to the collection of data by active and passive measurement at the
data plane and at the control plane level. Exploitation of collected data has
been mostly focused on anomaly detection and on root-cause analysis. Our
objective is somewhat in the middle. We consider traceroutes collected by a
network of probes and aim at introducing a practically applicable methodology
to quickly spot measurements that are related to high-impact events that happened
in the network. Such a filtering process eases further in-depth human-based
analysis, for example with visual tools which are effective only when handling
a limited amount of data. We introduce the empathy relation between traceroutes
as the cornerstone of our formal characterization of the traceroutes related to
a network event. Based on this model, we describe an algorithm that finds
traceroutes related to high-impact events in an arbitrary set of measurements.
Evidence of the effectiveness of our approach is given by experimental results
produced on real-world data.
Comment: 8 pages, 7 figures, extended version of Discovering High-Impact
Routing Events using Traceroutes, in Proc. 20th International Symposium on
Computers and Communications (ISCC 2015)