Improved Calculation of aS Resilience against IP Prefix Hijacking

Network prefix hijacking is still a serious threat in the Internet. Confirmed incidents in the recent past have shown that even small autonomous systems (ASs) are able to manipulate routing information with huge global impact. Even though countermeasures exist, they are not established at large scale yet. Monitoring of the actual routing state is the only mean to provide at least information about prefix hijacking events for single ASs. Given topology information the resilience of an AS against prefix hijacking attacks can be determined. This paper proposes an improved formula to calculate the resilience of an AS against prefix hijacking. Additionally, the role of internet exchange points (IXPs) and the peering opportunities they provide are evaluated. Such opportunities allow for establishing links between ASs at very low cost. Current peering opportunities are derived from a collection of member data gathered from European IXPs. Furthermore, the effect of additional links on an AS's resilience is investigated by combining actual peering and individual peering opportunities.

[1]  Daniel Massey,et al.  Detection of invalid routing announcement in the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[2]  Lixin Gao,et al.  On inferring autonomous system relationships in the Internet , 2000, Globecom '00 - IEEE. Global Telecommunications Conference. Conference Record (Cat. No.00CH37137).

[3]  Lixia Zhang,et al.  Understanding Resiliency of Internet Topology against Prefix Hijack Attacks , 2007, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07).

[4]  Daniel Massey,et al.  An analysis of BGP multiple origin AS (MOAS) conflicts , 2001, IMW '01.

[5]  Michael Meier,et al.  Inter-AS routing anomalies: Improved detection and classification , 2014, 2014 6th International Conference On Cyber Conflict (CyCon 2014).

[6]  Randy Bush,et al.  The Resource Public Key Infrastructure (rpki) to Router Protocol , 2013 .

[7]  Charles Lynn,et al.  Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[8]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[9]  Yang Xiang,et al.  Detecting prefix hijackings in the internet with argus , 2012, Internet Measurement Conference.

[10]  Patrick D. McDaniel,et al.  Origin authentication in interdomain routing , 2003, CCS '03.

[11]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[12]  Jennifer Rexford,et al.  Don't Secure Routing Protocols, Secure Data Delivery , 2006, HotNets.

[13]  Michalis Faloutsos,et al.  BGP-lens: patterns and anomalies in internet routing updates , 2009, KDD.

[14]  Zhuoqing Morley Mao,et al.  Accurate Real-time Identification of IP Prefix Hijacking , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[15]  Lixin Gao,et al.  Detecting bogus BGP route information: Going beyond prefix hijacking , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[16]  Daniel Massey,et al.  PHAS: A Prefix Hijack Alert System , 2006, USENIX Security Symposium.

[17]  Günter Schäfer,et al.  Automatic creation of VPN backup paths for improved resilience against BGP-attackers , 2012, SAC '12.

[18]  Zhuoqing Morley Mao,et al.  Practical defenses against BGP prefix hijacking , 2007, CoNEXT '07.