Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning via Real-World Measurements

arXiv: Cryptography and Security Pub Date : 2018-11-08 DOI:10.14722/ndss.2020.23240

Jared M. Smith, Kyle Birkeland, Tyler McDaniel, Max Schuchard

{"title":"Withdrawing the BGP Re-Routing Curtain: Understanding the Security Impact of BGP Poisoning via Real-World Measurements","authors":"Jared M. Smith, Kyle Birkeland, Tyler McDaniel, Max Schuchard","doi":"10.14722/ndss.2020.23240","DOIUrl":null,"url":null,"abstract":"The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at an AS-level. Given the increase in BGP poisoning usage as a security primitive, we set out to evaluate poisoning feasibility in practice beyond simulation. \nTo that end, using an Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We analyze in detail the performance of steering paths, the graph-theoretic aspects of available paths, and re-evaluate simulated systems with this data. We find that the real-world evidence does not completely support the findings from simulated systems published in the literature. We also analyze filtering of BGP poisoning across types of ASes and ISP working groups. We explore the connectivity concerns when poisoning by reproducing a decade old experiment to uncover the current state of an Internet triple the size. We build predictive models for understanding an ASes' vulnerability to poisoning. Finally, an exhaustive measurement of an upper bound on the maximum path length of the Internet is presented, detailing how security research should react to ASes leveraging poisoned long paths. In total, our results and analysis expose the real-world impact of BGP poisoning on past and future security research.","PeriodicalId":420133,"journal":{"name":"arXiv: Cryptography and Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv: Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/ndss.2020.23240","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at an AS-level. Given the increase in BGP poisoning usage as a security primitive, we set out to evaluate poisoning feasibility in practice beyond simulation. To that end, using an Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We analyze in detail the performance of steering paths, the graph-theoretic aspects of available paths, and re-evaluate simulated systems with this data. We find that the real-world evidence does not completely support the findings from simulated systems published in the literature. We also analyze filtering of BGP poisoning across types of ASes and ISP working groups. We explore the connectivity concerns when poisoning by reproducing a decade old experiment to uncover the current state of an Internet triple the size. We build predictive models for understanding an ASes' vulnerability to poisoning. Finally, an exhaustive measurement of an upper bound on the maximum path length of the Internet is presented, detailing how security research should react to ASes leveraging poisoned long paths. In total, our results and analysis expose the real-world impact of BGP poisoning on past and future security research.

查看原文本刊更多论文

撤销BGP重路由幕:从实际测量了解BGP中毒对安全的影响

互联网路由基础设施的安全性是过去二十年分布式系统安全研究的基础。然而，相反的情况越来越正确。路由和路径决策现在对于构建在Internet之上的系统的安全属性非常重要。特别是，BGP中毒利用自治系统(as)之间的事实上的路由协议来操纵上游网络的返回路径到以前不可用的新路径上。这些新路径可以用来避免拥塞、审查、地缘政治边界或任何可以在as级表示的拓扑特征。考虑到BGP中毒作为一种安全原语使用的增加，我们开始评估中毒在实践中的可行性，而不是模拟。为此，使用互联网规模的测量基础设施，我们捕获并分析了跨越数千个as的1400多个BGP中毒实例，作为操纵流量返回路径的机制。我们详细分析了转向路径的性能，可用路径的图论方面，并利用这些数据重新评估模拟系统。我们发现真实世界的证据并不完全支持在文献中发表的模拟系统的发现。我们还分析了跨as和ISP工作组类型的BGP中毒过滤。我们通过复制一个十年前的实验来揭示互联网规模三倍的当前状态，从而探索连接问题。我们建立了预测模型来理解ase对中毒的脆弱性。最后，给出了互联网最大路径长度上界的详尽测量，详细说明了安全研究应该如何对利用有毒长路径的ase做出反应。总的来说，我们的结果和分析揭示了BGP中毒对过去和未来安全研究的现实影响。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv: Cryptography and Security

自引率

0.00%

发文量