Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning via Real-World Measurements

Jared M. Smith, Kyle Birkeland, Tyler McDaniel, Max Schuchard
DOI: 10.14722/ndss.2020.23240 (https://doi.org/10.14722/ndss.2020.23240)
Journal: arXiv: Cryptography and Security
Publication date: 2018-11-08
Citations: 6

Abstract

The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at the AS level. Given the increase in BGP poisoning usage as a security primitive, we set out to evaluate poisoning feasibility in practice beyond simulation. To that end, using an Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We analyze in detail the performance of steering paths, the graph-theoretic aspects of available paths, and re-evaluate simulated systems with this data. We find that the real-world evidence does not completely support the findings from simulated systems published in the literature. We also analyze filtering of BGP poisoning across types of ASes and ISP working groups. We explore the connectivity concerns when poisoning by reproducing a decade-old experiment to uncover the current state of an Internet triple the size. We build predictive models for understanding an AS's vulnerability to poisoning. Finally, an exhaustive measurement of an upper bound on the maximum path length of the Internet is presented, detailing how security research should react to ASes leveraging poisoned long paths. In total, our results and analysis expose the real-world impact of BGP poisoning on past and future security research.