A study of prefix hijacking and interception in the internet

BallaniHitesh,; FrancisPaul,; ZhangXinyang,

doi:10.1145/1282427.1282411

Cited by 146 publications

(142 citation statements)

References 23 publications

Supporting

Mentioning

142

Contrasting

Order By: Relevance

“…Prefix interception generally refers to the Internet traffic interception based on prefix hijacking [17]. However, some other features in BGP protocol, such as valley-free rule [18,19] and AS-Path prepending, can also be exploited to launch a prefix interception attack [11,20].…”

Section: Attack Model Of Prefix Interceptionmentioning

confidence: 99%

“…Thus, prefix interception does not result in black holes. Second, prefix interception is often based on prefix hijacking [17], and hence they share the same anomaly in control plane. As a result, monitoring anomalous BGP routes is not enough to identify a prefix interception, as the actual forwarding path is needed to distinguish prefix interception from prefix hijacking.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An accurate distributed scheme for detection of prefix interception

Duan

Wang

et al. 2016

Sci. China Inf. Sci.

View full text Add to dashboard Cite

Previous research in interdomain routing security has often focused on prefix hijacking. However, several prefix interception events have happened lately, which poses a new security challenge to the interdomain routing system. Compared to prefix hijacking, prefix interception is much harder to detect, as it avoids black hole by forwarding the hijacked traffic back to the victim. In this paper, we present a novel method to detect prefix interception. Our approach exploits a key observation about prefix interception: during a prefix interception event, the attacker detours the intercepted traffic through its network, which turns it into a new important "transit point" for access to the victim. By collecting data plane information to detect the emerging "transit point" and using control plane information to verify it, our scheme can identify prefix interception in real time. The results of Internet experiments and Internet-scale simulations show that our method is accurate with low false alarm rate (0.28%) and false negative rate (2.26%).

show abstract

Section: Attack Model Of Prefix Interceptionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An accurate distributed scheme for detection of prefix interception

Duan

Wang

et al. 2016

Sci. China Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…( , has a long history of route hijacking attacks [14], but it still does not employ cryptographic defences to guarantee routing correctness. Trivially, redirecting traffic via a different route or network can provide the attacker with MitM capabilities.…”

Section: Mitm Is Commonmentioning

confidence: 99%

“…Since BGP does not employ authentication mechanisms, originators of BGP routing announcements may claim prefixes belonging to other networks or may change routing path (by adding or removing links), e.g., due to benign failures or malicious attacks. Attackers can hijack prefixes by advertising invalid origin or invalid next hop [14]. There is a large body of research studying attacks on BGP routing, e.g., route hijacking and route injection that damage network operation or connectivity.…”

Section: Mitm Via Route Poisoningmentioning

confidence: 99%

DNSSEC for cyber forensics

Shulman

Waidner

2014

EURASIP J. on Info. Security

View full text Add to dashboard Cite

Domain Name System (DNS) cache poisoning is a stepping stone towards advanced (cyber) attacks. DNS cache poisoning can be used to monitor users' activities for censorship, to distribute malware and spam and to subvert correctness and availability of Internet clients and services. Currently, the DNS infrastructure relies on challengeresponse defences against attacks by (the common) off-path adversaries. Such defences do not suffice against stronger, man-in-the-middle (MitM), adversaries. However, MitM is not believed to be common; hence, there seems to be little motivation to adopt systematic, cryptographic mechanisms. We show that challenge-response do not protect against cache poisoning. In particular, we review common situations where (1) attackers can frequently obtain MitM capabilities and (2) even weaker attackers can subvert DNS security. We also experimentally study dependencies in the DNS infrastructure, in particular, dependencies within domain registrars and within domains, and show that multiple dependencies result in more vulnerable DNS. We review domain name system security extensions (DNSSEC), the defence against DNS cache poisoning, and argue that not only it is the most suitable mechanism for preventing cache poisoning but it is also the only proposed defence that enables a posteriori forensic analysis of attacks.

show abstract

“…Such a situation has motivated us greatly to develop a framework [9] for academic-related web services. While providing several benefits, web services technology has been facing serious threats like prefix hijacking and interception [10] in the Internet due to a man-in-the-middle attack [11]. Therefore, security has become the key issue in the field of web services technology.…”

Section: Introductionmentioning

confidence: 99%

Architectural Framework for Secure Composite Web Services

Sathiaseelan¹

2013

IJCA

View full text Add to dashboard Cite

The exorbitant growth in the field of web services technology has challenged the web developers, vendors and researchers to design and development a variety of enterprise web applications for diverse organizations. Since, security is considered to be an essential part in the development of web applications, web services security has also become an emerging trend in Web services technology. Even though there has been considerable amount of research work carried out in these areas, there is no solid scheme offered so far to build a secure academic-oriented web application. Hence, a novel architectural framework is intended solely for the academic institutions with the aim of providing efficient and secure composite web services for the web users. The concept of multi-level security is also included in the proposed framework to handle various security concerns at different levels.

show abstract

A study of prefix hijacking and interception in the internet

Cited by 146 publications

References 23 publications

An accurate distributed scheme for detection of prefix interception

An accurate distributed scheme for detection of prefix interception

DNSSEC for cyber forensics

Architectural Framework for Secure Composite Web Services

Contact Info

Product

Resources

About