Analyzing Internet Routing Security Using Model Checking
The goal of this work is to enhance Internet security by applying formal analysis of traffic attraction attacks on the BGP routing protocol. BGP is the sole protocol used throughout the Internet for inter-domain routing, hence its importance. In attraction attacks an attacker sends false routing advertisements to gain attraction of extra traffic in order to increase its revenue from customers, drop, tamper, or snoop on the packets. Such attacks are most common on the inter-domain routing.
We use model checking to perform exhaustive search for attraction attacks on BGP. This requires substantial reductions due to scalability issues of the entire Internet topology. Therefore, we propose static methods to identify and automatically reduce Internet fragments of interest, prior to using model checking.
We developed a method, called BGP-SA, for BGP Security Analysis, which extracts and reduces fragments from the Internet. In order to apply model checking, we model the BGP protocol and also model an attacker with predefined capabilities. Our specifications allow to reveal different types of attraction attacks. Using a model checking tool we identify attacks as well as show that certain attraction scenarios are impossible on the Internet under the modeled attacker capabilities.
KeywordsModel Check Autonomous System Target Network Attack Strategy Border Gateway Protocol
The research was supported by The Prof. A. Pazy Research Foundation.
- 2.Arye, M., Harrison, R., Wang, R.: The next 10,000 BGP gadgetsGoogle Scholar
- 3.Arye, M., Harrison, R., Wang, R., Zave, P., Rexford, J.: Toward a lightweight model of BGP safety. In: Proceedings of WRiPE (2011)Google Scholar
- 5.CAIDA. Inferred AS Relationships Dataset (2014). http://data.caida.org/datasets/as-relationships/serial-1/20141001.as-rel.txt.bz2
- 6.Callon, R.: Use of OSI IS-IS for routing in TCP/IP and dual environments. IETF RFC 1195, December 1990Google Scholar
- 11.Lychev, R., Goldberg, S., Schapira, M.: Network-destabilizing attacks. arXiv preprint (2012). arXiv:1203.1681
- 12.Madory, D.: Sprint, Windstream: Latest ISPs to hijack foreign networks (2014). http://research.dyn.com/2014/09/latest-isps-to-hijack/
- 13.Madory,D.: The Vast World of Fraudulent Routing (2015). http://research.dyn.com/2015/01/vast-world-of-fraudulent-routing/
- 14.Malkin, G.: RIP version 2. IETF RFC 2453 (1998)Google Scholar
- 15.Moy, J.: OSPF version 2. IETF RFC 2328 (1998)Google Scholar
- 16.Rekhter, Y., Li, T., Hares, S.: A border gateway protocol 4 (BGP-4). IETF RFC 4271 (2006)Google Scholar
- 18.Toonk, A.: BGP hijack incident by Syrian Telecommunications Establishment (2014). http://www.bgpmon.net/bgp-hijack-incident-by-syrian-telecommunications-establishment/
- 19.Toonk, A.: Hijack event today by Indosat (2014). http://www.bgpmon.net/hijack-event-today-by-indosat/
- 20.Toonk, A.: The Canadian Bitcoin Hijack (2014). http://www.bgpmon.net/the-canadian-bitcoin-hijack/
- 21.Vervier, P.A., Thonnard, O., Dacier, M.: Mind your blocks : on the stealthiness of malicious BGP hijacks (2015)Google Scholar