Analyzing Internet Routing Security Using Model Checking

  • Adi Sosnovich
  • Orna Grumberg
  • Gabi Nakibly
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9450)


The goal of this work is to enhance Internet security by applying formal analysis of traffic attraction attacks on the BGP routing protocol. BGP is the sole protocol used throughout the Internet for inter-domain routing, hence its importance. In attraction attacks an attacker sends false routing advertisements to gain attraction of extra traffic in order to increase its revenue from customers, drop, tamper, or snoop on the packets. Such attacks are most common on the inter-domain routing.

We use model checking to perform exhaustive search for attraction attacks on BGP. This requires substantial reductions due to scalability issues of the entire Internet topology. Therefore, we propose static methods to identify and automatically reduce Internet fragments of interest, prior to using model checking.

We developed a method, called BGP-SA, for BGP Security Analysis, which extracts and reduces fragments from the Internet. In order to apply model checking, we model the BGP protocol and also model an attacker with predefined capabilities. Our specifications allow to reveal different types of attraction attacks. Using a model checking tool we identify attacks as well as show that certain attraction scenarios are impossible on the Internet under the modeled attacker capabilities.


Model Check Autonomous System Target Network Attack Strategy Border Gateway Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The research was supported by The Prof. A. Pazy Research Foundation.


  1. 1.
  2. 2.
    Arye, M., Harrison, R., Wang, R.: The next 10,000 BGP gadgetsGoogle Scholar
  3. 3.
    Arye, M., Harrison, R., Wang, R., Zave, P., Rexford, J.: Toward a lightweight model of BGP safety. In: Proceedings of WRiPE (2011)Google Scholar
  4. 4.
    Ballani, H., Francis, P., Zhang, X.: A study of prefix hijacking and interception in the internet. ACM SIGCOMM Comput. Commun. Rev. 37, 265–276 (2007)CrossRefGoogle Scholar
  5. 5.
  6. 6.
    Callon, R.: Use of OSI IS-IS for routing in TCP/IP and dual environments. IETF RFC 1195, December 1990Google Scholar
  7. 7.
    Chockler, H., Pidan, D., Ruah, S.: Improving representative computation in ExpliSAT. In: Bertacco, V., Legay, A. (eds.) HVC 2013. LNCS, vol. 8244, pp. 359–364. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  8. 8.
    Gao, L., Rexford, J.: Stable Internet routing without global coordination. IEEE/ACM Trans. Netw. (TON) 9(6), 681–692 (2001)CrossRefGoogle Scholar
  9. 9.
    Goldberg, S., Schapira, M., Hummon, P., Rexford, J.: How secure are secure interdomain routing protocols? Comput. Netw. 70, 260–287 (2014)CrossRefGoogle Scholar
  10. 10.
    Kent, S., Lynn, C., Mikkelson, J., Seo, K.: Secure border gateway protocol (S-BGP). IEEE J. Sel. Areas Commun. 18, 103–116 (2000)CrossRefGoogle Scholar
  11. 11.
    Lychev, R., Goldberg, S., Schapira, M.: Network-destabilizing attacks. arXiv preprint (2012). arXiv:1203.1681
  12. 12.
    Madory, D.: Sprint, Windstream: Latest ISPs to hijack foreign networks (2014).
  13. 13.
    Madory,D.: The Vast World of Fraudulent Routing (2015).
  14. 14.
    Malkin, G.: RIP version 2. IETF RFC 2453 (1998)Google Scholar
  15. 15.
    Moy, J.: OSPF version 2. IETF RFC 2328 (1998)Google Scholar
  16. 16.
    Rekhter, Y., Li, T., Hares, S.: A border gateway protocol 4 (BGP-4). IETF RFC 4271 (2006)Google Scholar
  17. 17.
    Ren, Y., Zhou, W., Wang, A., Jia, L., Gurney, A.J.T., Loo, B.T., Rexford, J.: FSR: formal analysis and implementation toolkit for safe inter-domain routing. ACM SIGCOMM Comput. Commun. Rev. 41, 440–441 (2011)CrossRefGoogle Scholar
  18. 18.
    Toonk, A.: BGP hijack incident by Syrian Telecommunications Establishment (2014).
  19. 19.
    Toonk, A.: Hijack event today by Indosat (2014).
  20. 20.
    Toonk, A.: The Canadian Bitcoin Hijack (2014).
  21. 21.
    Vervier, P.A., Thonnard, O., Dacier, M.: Mind your blocks : on the stealthiness of malicious BGP hijacks (2015)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. 1.Computer Science DepartmentTechnionHaifaIsrael
  2. 2.National Research and Simulation CenterRafaelHaifaIsrael

Personalised recommendations