It Bends But Would It Break? Topological Analysis of BGP Infrastructures in Europe

The Internet is often thought to be a model of resilience, due to a decentralised, organically-grown architecture. This paper puts this perception into perspective through the results of a security analysis of the Border Gateway Protocol (BGP) routing infrastructure. BGP is a fundamental Internet protocol and its intrinsic fragilities have been highlighted extensively in the literature. A seldom studied aspect is how robust the BGP infrastructure actually is as a result of nearly three decades of perpetual growth. Although global black-outs seem unlikely, local security events raise growing concerns about the robustness of the backbone. In order to better protect this critical infrastructure, it is crucial to understand its topology in the context of the weaknesses of BGP and to identify possible security scenarios. Firstly, we establish a comprehensive threat model that classifies main attack vectors, including but not limited to BGP vulnerabilities. We then construct maps of the European BGP backbone based on publicly available routing data. We analyse the topology of the backbone and establish several disruption scenarios that highlight the possible consequences of different types of attacks, for different attack capabilities. We also discuss existing mitigation and recovery strategies, and we propose improvements to enhance the robustness and resilience of the backbone. To our knowledge, this study is the first to combine a comprehensive threat analysis of BGP infrastructures with advanced network topology considerations. We find that the BGP infrastructure is at higher risk than already understood, due to topologies that remain vulnerable to certain targeted attacks as a result of organic deployment over the years. Significant parts of the system are still uncharted territory, which warrants further investigation in this direction.
