ARTEMIS: Neutralizing BGP Hijacking Within a Minute

Border gateway protocol (BGP) prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches (ranging from RPKI to popular third-party services), none of them solves the problem adequately in practice. In fact, they suffer from: (i) lack of detection comprehensiveness, allowing sophisticated attackers to evade detection; (ii) limited accuracy, especially in the case of third-party detection; (iii) delayed verification and mitigation of incidents, reaching up to days; and (iv) lack of privacy and of flexibility in post-hijack counteractions, on the side of network operators. In this paper, we propose ARTEMIS, a defense approach (a) based on accurate and fast detection operated by the autonomous system itself, leveraging the pervasiveness of publicly available BGP monitoring services and their recent shift towards real-time streaming, and thus (b) enabling flexible and fast mitigation of hijacking events. Compared to previous work, our approach combines characteristics desirable to network operators, such as comprehensiveness, accuracy, speed, privacy, and flexibility. Finally, we show through real-world experiments that with the ARTEMIS approach, prefix hijacking can be neutralized within a minute.
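The core idea the abstract describes, self-operated detection that compares announcements seen by public route collectors against the operator's own knowledge of its prefixes and origin ASNs, can be sketched in a few dozen lines. The following is an added illustration, not code from the ARTEMIS paper or its implementation. The configuration, the ASNs (documentation range 64496-64511 plus a constructed attacker ASN 64666), the prefixes (RFC 5737 documentation space) and the collector names are all constructed; a real deployment would feed `detect()` from a live BGP stream rather than a list.

```python
"""ARTEMIS-style hijack detection sketch (added example, not the paper's code).

The operator knows every prefix it legitimately announces and which ASNs may
originate each one, so detection reduces to checking each observed
announcement against that local configuration. All data below is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Update:
    """One BGP announcement as relayed by a public route collector (constructed)."""
    prefix: str
    as_path: Tuple[int, ...]  # last element is the origin AS
    monitor: str              # hypothetical collector name


# Constructed operator configuration: prefix -> ASNs allowed to originate it.
CONFIG: Dict[str, Set[int]] = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/23": {64500, 64501},
}


def _covering_config_prefix(prefix: str):
    """Return (configured_prefix, network) for the most specific configured
    prefix that contains `prefix`, or None if the space is not ours."""
    net = ipaddress.ip_network(prefix, strict=False)
    best = None
    for cfg in CONFIG:
        cfg_net = ipaddress.ip_network(cfg)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first
        if net.version == cfg_net.version and net.subnet_of(cfg_net):
            if best is None or cfg_net.prefixlen > best[1].prefixlen:
                best = (cfg, cfg_net)
    return best


def classify(update: Update) -> str:
    """Classify one announcement relative to the operator's configuration."""
    covering = _covering_config_prefix(update.prefix)
    if covering is None:
        return "irrelevant"  # not our address space; nothing to check
    cfg, cfg_net = covering
    net = ipaddress.ip_network(update.prefix, strict=False)
    if net.prefixlen > cfg_net.prefixlen:
        # A more specific prefix we never configured. Because the operator lists
        # every prefix it announces, this is flagged regardless of the origin AS.
        return "sub-prefix-hijack"
    if update.as_path[-1] in CONFIG[cfg]:
        return "legitimate"
    return "exact-prefix-hijack"


def detect(updates: List[Update]) -> List[dict]:
    """Run the per-update check over a stream and return one alert per hijack."""
    alerts = []
    for u in updates:
        verdict = classify(u)
        if verdict.endswith("hijack"):
            alerts.append({"type": verdict, "prefix": u.prefix,
                           "origin": u.as_path[-1], "monitor": u.monitor})
    return alerts


def counter_announcements(prefix: str) -> List[str]:
    """More-specific prefixes the victim could announce so that longest-prefix
    matching prefers them over an exact-prefix hijack. Returns [] when the
    halves would exceed /24 (IPv4) or /48 (IPv6), which many networks filter."""
    net = ipaddress.ip_network(prefix)
    limit = 24 if net.version == 4 else 48
    if net.prefixlen + 1 > limit:
        return []
    return [str(s) for s in net.subnets()]


if __name__ == "__main__":
    # Constructed stream: two legitimate paths, one exact-prefix hijack,
    # one sub-prefix hijack and one prefix that is not ours.
    stream = [
        Update("192.0.2.0/24", (64496, 64497, 64500), "rc-a"),
        Update("198.51.100.0/23", (64498, 64501), "rc-b"),
        Update("192.0.2.0/24", (64496, 64666), "rc-a"),
        Update("192.0.2.128/25", (64499, 64666), "rc-c"),
        Update("203.0.113.0/24", (64666,), "rc-a"),
    ]
    for alert in detect(stream):
        print(alert, "possible counter-announcements:",
              counter_announcements(alert["prefix"]))
```

Two design points matter for the properties the abstract lists. Comprehensiveness comes from flagging any unconfigured more-specific prefix rather than only origin mismatches, so a sub-prefix hijack is caught even if the attacker spoofs the legitimate origin. Privacy and speed come from the check being a local comparison: nothing about the operator's configuration leaves the AS, and each update is judged as soon as a collector relays it, so detection latency is bounded by the monitoring feed's delay.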
