Computational complexity of traffic hijacking under BGP and S-BGP

Harmful Internet hijacking incidents put in evidence how fragile the Border Gateway Protocol (BGP) is, which is used to exchange routing information between Autonomous Systems (ASes). As proved by recent research contributions, even S-BGP, the secure variant of BGP that is being deployed, is not fully able to blunt traffic attraction attacks. Given a traffic flow between two ASes, we study how difficult it is for a malicious AS to devise a strategy for hijacking or intercepting that flow. We show that this problem marks a sharp difference between BGP and S-BGP. Namely, while it is solvable, under reasonable assumptions, in polynomial time for the type of attacks that are usually performed in BGP, it is NP-hard for S-BGP. Our study has several by-products. E.g., we solve a problem left open in the literature, stating when performing a hijacking in S-BGP is equivalent to performing an interception.

[1]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[2]  Sharon Goldberg,et al.  How secure are secure interdomain routing protocols , 2010, SIGCOMM '10.

[3]  Michael Schapira,et al.  Searching for Stability in Interdomain Routing , 2009, IEEE INFOCOM 2009.

[4]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[5]  Michael Schapira,et al.  Weakly-Acyclic (Internet) Routing Games , 2011, Theory of Computing Systems.

[6]  G. Huston,et al.  Interconnection, Peering and Settlements , 2003 .

[7]  Jennifer Rexford,et al.  Stable internet routing without global coordination , 2001, TNET.

[8]  Gordon T. Wilfong,et al.  Policy disputes in path-vector protocols , 1999, Proceedings. Seventh International Conference on Network Protocols.

[9]  Sharon Goldberg,et al.  Network-Destabilizing Attacks , 2012, ArXiv.

[10]  A. Dammer How Secure are Secure Interdomain Routing Protocols , 2011 .

[11]  Gordon T. Wilfong,et al.  The stable paths problem and interdomain routing , 2002, TNET.

[12]  Jennifer Rexford,et al.  Putting BGP on the right path: a case for next-hop routing , 2010, Hotnets-IX.