Abstract
The goal of this work is to enhance Internet security by applying formal analysis of traffic attraction attacks on the BGP routing protocol. BGP is the sole protocol used throughout the Internet for inter-domain routing, hence its importance. In attraction attacks an attacker sends false routing advertisements to gain attraction of extra traffic in order to increase its revenue from customers, drop, tamper, or snoop on the packets. Such attacks are most common on the inter-domain routing.
We use model checking to perform exhaustive search for attraction attacks on BGP. This requires substantial reductions due to scalability issues of the entire Internet topology. Therefore, we propose static methods to identify and automatically reduce Internet fragments of interest, prior to using model checking.
We developed a method, called BGP-SA, for BGP Security Analysis, which extracts and reduces fragments from the Internet. In order to apply model checking, we model the BGP protocol and also model an attacker with predefined capabilities. Our specifications allow to reveal different types of attraction attacks. Using a model checking tool we identify attacks as well as show that certain attraction scenarios are impossible on the Internet under the modeled attacker capabilities.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Arye, M., Harrison, R., Wang, R.: The next 10,000 BGP gadgets
Arye, M., Harrison, R., Wang, R., Zave, P., Rexford, J.: Toward a lightweight model of BGP safety. In: Proceedings of WRiPE (2011)
Ballani, H., Francis, P., Zhang, X.: A study of prefix hijacking and interception in the internet. ACM SIGCOMM Comput. Commun. Rev. 37, 265–276 (2007)
CAIDA. Inferred AS Relationships Dataset (2014). http://data.caida.org/datasets/as-relationships/serial-1/20141001.as-rel.txt.bz2
Callon, R.: Use of OSI IS-IS for routing in TCP/IP and dual environments. IETF RFC 1195, December 1990
Chockler, H., Pidan, D., Ruah, S.: Improving representative computation in ExpliSAT. In: Bertacco, V., Legay, A. (eds.) HVC 2013. LNCS, vol. 8244, pp. 359–364. Springer, Heidelberg (2013)
Gao, L., Rexford, J.: Stable Internet routing without global coordination. IEEE/ACM Trans. Netw. (TON) 9(6), 681–692 (2001)
Goldberg, S., Schapira, M., Hummon, P., Rexford, J.: How secure are secure interdomain routing protocols? Comput. Netw. 70, 260–287 (2014)
Kent, S., Lynn, C., Mikkelson, J., Seo, K.: Secure border gateway protocol (S-BGP). IEEE J. Sel. Areas Commun. 18, 103–116 (2000)
Lychev, R., Goldberg, S., Schapira, M.: Network-destabilizing attacks. arXiv preprint (2012). arXiv:1203.1681
Madory, D.: Sprint, Windstream: Latest ISPs to hijack foreign networks (2014). http://research.dyn.com/2014/09/latest-isps-to-hijack/
Madory,D.: The Vast World of Fraudulent Routing (2015). http://research.dyn.com/2015/01/vast-world-of-fraudulent-routing/
Malkin, G.: RIP version 2. IETF RFC 2453 (1998)
Moy, J.: OSPF version 2. IETF RFC 2328 (1998)
Rekhter, Y., Li, T., Hares, S.: A border gateway protocol 4 (BGP-4). IETF RFC 4271 (2006)
Ren, Y., Zhou, W., Wang, A., Jia, L., Gurney, A.J.T., Loo, B.T., Rexford, J.: FSR: formal analysis and implementation toolkit for safe inter-domain routing. ACM SIGCOMM Comput. Commun. Rev. 41, 440–441 (2011)
Toonk, A.: BGP hijack incident by Syrian Telecommunications Establishment (2014). http://www.bgpmon.net/bgp-hijack-incident-by-syrian-telecommunications-establishment/
Toonk, A.: Hijack event today by Indosat (2014). http://www.bgpmon.net/hijack-event-today-by-indosat/
Toonk, A.: The Canadian Bitcoin Hijack (2014). http://www.bgpmon.net/the-canadian-bitcoin-hijack/
Vervier, P.A., Thonnard, O., Dacier, M.: Mind your blocks : on the stealthiness of malicious BGP hijacks (2015)
Acknowledgement
The research was supported by The Prof. A. Pazy Research Foundation.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sosnovich, A., Grumberg, O., Nakibly, G. (2015). Analyzing Internet Routing Security Using Model Checking. In: Davis, M., Fehnker, A., McIver, A., Voronkov, A. (eds) Logic for Programming, Artificial Intelligence, and Reasoning. LPAR 2015. Lecture Notes in Computer Science(), vol 9450. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48899-7_9
Download citation
DOI: https://doi.org/10.1007/978-3-662-48899-7_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48898-0
Online ISBN: 978-3-662-48899-7
eBook Packages: Computer ScienceComputer Science (R0)