Abstract
We propose a two-party cryptographic protocol for detecting traffic hijacking over the Internet. Our proposal relies on a distance-bounding mechanism that measures the round-trip time of packets to decide whether an attack is ongoing. The protocol requires only two cryptographic operations per execution which leads to very few additional workload for the users. We demonstrate the efficiency of the protocol using large-scale experiments and we discuss the choice of the decision function w.r.t. the false positive and negative cases.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
For the sake of clarity, we assume that the k packets are consecutive, but this assumption is actually not necessary.
- 7.
We elaborate on how a relay node was implemented on Sect. 4.
- 8.
- 9.
Note that traceroute can only deliver a probable and punctual estimation of the route between two points, such a route can change over time.
References
Apostolaki, M., Zohar, A., Vanbever, L.: Hijacking bitcoin: routing attacks on cryptocurrencies. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 375–392. IEEE (2017)
Avoine, G., et al.: Security of distance-bounding: a survey. ACM Comput. Surv. (CSUR) 51(5), 1–33 (2018)
Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_30
Desmedt, Y., Goutier, C., Bengio, S.: Special uses and abuses of the Fiat-Shamir passport protocol (extended abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_3
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, SECURECOMM 2005, pp. 67–73 (2005)
Holterbach, T., Vissicchio, S., Dainotti, A., Vanbever, L.: SWIFT: predictive fast reroute. In: . SIGCOMM 2017, pp. 460–473, Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3098822.3098856
Karlin, J., Forrest, S., Rexford, J.: Pretty good BGP: improving BGP by cautiously adopting routes. In: ICNP, pp. 290–299 (December 2006). https://doi.org/10.1109/ICNP.2006.320179
Kent, S., Lynn, C., Seo, K.: Secure border gateway protocol (S-BGP). IEEE J. Sel. Areas Commun. 18(4), 582–592 (2000)
Lepinski, M., Sriram, K.: BGPsec Protocol Specification. RFC 8205 (September 2017). https://doi.org/10.17487/RFC8205. https://rfc-editor.org/rfc/rfc8205.txt
Mitseva, A., Panchenko, A., Engel, T.: The state of affairs in BGP security: a survey of attacks and defenses. Comput. Commun. 124, 45–60 (2018)
Qiu, T., Ji, L., Pei, D., Wang, J., Xu, J.: TowerDefense: deployment strategies for battling against IP prefix hijacking. In: The 18th IEEE International Conference on Network Protocols, pp. 134–143 (2010). https://doi.org/10.1109/ICNP.2010.5762762
Rekhter, Y., Li, T., Hares, S., et al.: A border gateway protocol 4 (BGP-4) (1994)
Sermpezis, P., et al.: ARTEMIS: neutralizing BGP hijacking within a minute. IEEE/ACM Trans. Netw. 26(6), 2471–2486 (2018)
Wan, T., Kranakis, E., van Oorschot, P.C.: Pretty secure BGP, psBGP. In: NDSS. Citeseer (2005)
White, R.: Securing BGP through secure origin BGP (soBGP). Bus. Commun. Rev. 33(5), 47 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Description of Other Candidates for the Decision Function
We initially selected 4 other candidates for potential decision function. We did identical experiments to decide which one was the most efficient. Some test showed acceptable results but none was as precise as the one presented in Sect. 3.3. We present here the tests and their results.
1.1 A.1 Average Position
This test computes the mean of samp \(\mu _{samp}\) and computes the \(80\%\)-density interval \(I_80(ref)\) of ref. It returns 1 if \(\mu _{samp} \in I_{80}(ref)\), 0 otherwise.
1.2 A.2 \(10\%\)-Minimum Overlap
This test computes the first decile of the both samples \(q_{10}(samp)\), \(q_{10}(ref)\) and consider the intervals \(I=[min(samp),q_{10}(samp)]\) and \(I'=[min(ref),q_{10}(ref)]\). It returns 1 if at least \(50\%\) of I overlaps \(I'\), that is to say if: \(\frac{len(I\cap I')}{len(I)}>0.5\). It returns 0 otherwise.
1.3 A.3 \(50\%\)-Minimum Overlap
This test computes the median of the both samples \(q_{50}(samp)\), \(q_{50}(ref)\) and consider the intervals \(I=[min(samp),q_{50}(samp)]\) and \(I'=[min(ref),q_{50}(ref)]\). It returns 1 if at least \(50\%\) of I overlaps \(I'\), that is to say if: \(\frac{len(I\cap I')}{len(I)}>0.5\). It returns 0 otherwise.
1.4 A.4 Density Match
This test computes \(80\%\)-density interval \(I_{80}(ref)\) and checks the proportion p of elements of samp being in this interval. It returns 1 if \(p>0.5\) , 0 otherwise
B Experiments for all the Tests
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Arfaoui, G., Avoine, G., Gimenez, O., Traoré, J. (2021). How Distance-Bounding Can Detect Internet Traffic Hijacking. In: Conti, M., Stevens, M., Krenn, S. (eds) Cryptology and Network Security. CANS 2021. Lecture Notes in Computer Science(), vol 13099. Springer, Cham. https://doi.org/10.1007/978-3-030-92548-2_19
Download citation
DOI: https://doi.org/10.1007/978-3-030-92548-2_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92547-5
Online ISBN: 978-3-030-92548-2
eBook Packages: Computer ScienceComputer Science (R0)