SICO: Surgical Interception Attacks by Manipulating BGP Communities

The Border Gateway Protocol (BGP) is the primary routing protocol for the Internet backbone, yet it lacks adequate security mechanisms. While simple BGP hijack attacks only involve an adversary hijacking Internet traffic destined to a victim, more complex and challenging interception attacks require that the adversary intercept a victim's traffic and forward it on to the victim. If an interception attack is launched incorrectly, the adversary's own announcement disrupts its route to the victim, making it impossible to forward packets. To overcome these challenges, we introduce SICO attacks (Surgical Interception using COmmunities): a novel method of launching interception attacks that leverages BGP communities to scope an adversary's announcement and preserve a route to the victim. We then show how SICO attacks can be targeted to specific source IP addresses to reduce attack costs. Furthermore, we ethically perform SICO attacks on the real Internet backbone to evaluate their feasibility and effectiveness. Results suggest that SICO attacks can achieve interception even when previously proposed attacks would not be feasible, and that they outperform those attacks by attracting traffic from an additional 16% of Internet hosts (worst case) to 58% of Internet hosts (best case). Finally, we analyze the Internet topology and find that at least 83% of multi-homed ASes are capable of launching these attacks.
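The defensive consequence of a community-scoped announcement is that it is, by design, visible only from part of the Internet, so a route monitor that waits for a majority of collectors to disagree with the expected origin will miss it. The following checker is an added example written for this page, not code from the SICO paper or its authors: it treats a single dissenting vantage point as enough to alert, and also flags a path whose AS adjacent to the expected origin is not one of the prefix owner's known upstreams. The collector names, ASNs (private-use range), the expected-upstream set and the observations are all constructed sample data; the prefix is an RFC 5737 documentation prefix.

```python
"""Multi-vantage-point origin/upstream monitor for one prefix (added example).

All data below is constructed: hypothetical route collectors, private-use
ASNs, and a documentation prefix. Paths are tuples ordered collector-side
first, origin AS last, as in a BGP AS_PATH read left to right.
"""
import ipaddress

VICTIM_PREFIX = "203.0.113.0/24"   # RFC 5737 documentation prefix (constructed)
EXPECTED_ORIGIN = 64500            # private-use ASN standing in for the victim
EXPECTED_UPSTREAMS = {64502, 64503}  # the victim's known providers (constructed)

# Constructed observations: collector -> list of (prefix seen, AS path).
# rc-east / rc-west see the legitimate route. rc-south sees the right origin
# but via an unknown neighbour AS. rc-north sees a more-specific announced
# by a different origin, which only a subset of vantage points would observe
# if the announcement were scoped with communities.
OBSERVATIONS = {
    "rc-east":  [("203.0.113.0/24", (64510, 64502, 64500))],
    "rc-west":  [("203.0.113.0/24", (64520, 64503, 64500))],
    "rc-south": [("203.0.113.0/24", (64530, 64666, 64500))],
    "rc-north": [("203.0.113.0/25", (64540, 64666))],
}


def routes_for(observations, prefix):
    """Yield (collector, as_path) for every route covering the prefix exactly
    or as a more-specific of it; sub-prefixes are the common hijack shape."""
    target = ipaddress.ip_network(prefix)
    for collector, routes in observations.items():
        for seen_prefix, as_path in routes:
            seen = ipaddress.ip_network(seen_prefix)
            if seen.version == target.version and seen.subnet_of(target):
                yield collector, as_path


def origin_mismatches(observations, prefix, expected_origin):
    """Collectors whose observed origin AS differs from the expected one."""
    return {
        collector: path[-1]
        for collector, path in routes_for(observations, prefix)
        if path[-1] != expected_origin
    }


def unexpected_upstreams(observations, prefix, expected_origin, expected_upstreams):
    """Collectors seeing the expected origin reached through an AS that is not
    one of its known providers (origin preserved, but the path is anomalous)."""
    flagged = {}
    for collector, path in routes_for(observations, prefix):
        if path[-1] == expected_origin and len(path) >= 2 and path[-2] not in expected_upstreams:
            flagged[collector] = path[-2]
    return flagged


def anomalous_fraction(observations, prefix, expected_origin, expected_upstreams):
    """Share of collectors reporting any anomaly; 0.0 when nothing is seen."""
    total = sum(1 for _ in routes_for(observations, prefix))
    if total == 0:
        return 0.0
    flagged = set(origin_mismatches(observations, prefix, expected_origin))
    flagged |= set(unexpected_upstreams(observations, prefix, expected_origin, expected_upstreams))
    return len(flagged) / total


def should_alert(observations, prefix, expected_origin, expected_upstreams):
    """Alert on a single dissenting collector: a scoped announcement never
    reaches a majority of vantage points, so majority voting is the wrong bar."""
    return anomalous_fraction(observations, prefix, expected_origin, expected_upstreams) > 0.0


if __name__ == "__main__":
    print("origin mismatches:", origin_mismatches(OBSERVATIONS, VICTIM_PREFIX, EXPECTED_ORIGIN))
    print("unexpected upstreams:",
          unexpected_upstreams(OBSERVATIONS, VICTIM_PREFIX, EXPECTED_ORIGIN, EXPECTED_UPSTREAMS))
    print("alert:", should_alert(OBSERVATIONS, VICTIM_PREFIX, EXPECTED_ORIGIN, EXPECTED_UPSTREAMS))
```

The design point is the threshold: because the attack scopes its own propagation, coverage of the monitor matters more than agreement among collectors, and the alert condition is any anomaly at any vantage point rather than a quorum. Real deployments would feed this from live collector data and an authoritative origin/upstream list (for example, the prefix owner's own records), which this example replaces with constructed constants.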
