It Bends But Would It Break? Topological Analysis of BGP Infrastructures in Europe

Frey, Sylvain; Elkhatib, Yehia; Rashid, Awais; Follis, Karolina; Vidler, John; Race, Nicholas; Edwards, C.

doi:10.1109/eurosp.2016.39

Cited by 11 publications

(5 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Presumably, this was due to the problem size associated with large-scale infrastructures like the Internet. Frey et al [22] conducted one of the first Internet-scale infrastructure assessments in terms of security evaluation. They investigated the Border Gateway Protocol deployment looking into potential threats and vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

On the Soundness of Infrastructure Adversaries

Dax¹,

Künnemann²

2021

Preprint

View full text Add to dashboard Cite

Companies and network operators perform risk assessment to inform policy-making, guide infrastructure investments or to comply with security standards such as ISO 27001. Due to the size and complexity of these networks, risk assessment techniques such as attack graphs or trees describe the attacker with a finite set of rules. This characterization of the attacker can easily miss attack vectors or overstate them, potentially leading to incorrect risk estimation.In this work, we propose the first methodology to justify a rule-based attacker model. Conceptually, we add another layer of abstraction on top of the symbolic model of cryptography, which reasons about protocols and abstracts cryptographic primitives. This new layer reasons about Internet-scale networks and abstracts protocols.We show, in general, how the soundness and completeness of a rule-based model can be ensured by verifying trace properties, linking soundness to safety properties and completeness to liveness properties. We then demonstrate the approach for a recently proposed threat model that quantifies the confidentiality of email communication on the Internet, including DNS, DNSSEC, and SMTP. Using off-the-shelf protocol verification tools, we discover two flaws in their threat model. After fixing them, we show that it provides symbolic soundness.1 For other techniques, consider the study by Wang et al. [55].

show abstract

Section: Related Workmentioning

confidence: 99%

On the Soundness of Infrastructure Adversaries

Dax¹,

Künnemann²

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…BGP threats are caused by three fundamental vulnerabilities. First, BGP infrastructure is susceptible to physical attacks by outsiders, e.g., damage to hardware or cables between ASs [3]. Such attacks fall into the field of physical and logical security and are out of scope of this work.…”

Section: Classification Of Attacks On Bgpmentioning

confidence: 99%

“…Subprefix hijack: Another way the attacker can prevent a MOAS conflict is by advertising a subnetwork of 3 https://bgpmon.net/large-scale-bgp-hijack-out-of-india/ an existing prefix which does not belong to the attacker (Figure 1(b)). This event is also known as de-aggregation attack 4 .…”

Section: Classification Of Attacks On Bgpmentioning

confidence: 99%

“…ASs set up routes via BGP based on their local policies. Despite its critical role on the Internet, BGP is not designed to provide any security guarantees and, thus, remains vulnerable to attacks [2,3] and misconfigurations [4], causing instabilities in the routing system or severe reachability problems. As well as frequent routing incidents [5,6], BGP threats are exploited for country-level censorship [7,8], damage to cryptocurrencies [9], and tracking users of anonymization networks [10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The state of affairs in BGP security: A survey of attacks and defenses

Mitseva

Panchenko

Engel

2018

Computer Communications

View full text Add to dashboard Cite

The Border Gateway Protocol (BGP) is the de facto standard interdomain routing protocol. Despite its critical role on the Internet, it does not provide any security guarantees. In response to this, a large amount of research has proposed a wide variety BGP security extensions and detection-recovery systems in recent decades. Nevertheless, BGP remains vulnerable to many types of attack. In this work, we conduct an up-to-date review of fundamental BGP threats and present a methodology for evaluation of existing BGP security proposals. Based on this, we introduce a comprehensive and up-to-date survey of proposals intended to make BGP secure and methods for detection and mitigation of routing instabilities. Last but not least, we identify gaps in research, and pinpoint open issues and unsolved challenges.

show abstract

“…BGP [1,2,3,4,5,6] unlike the other routing protocols is an exterior gateway protocol used between autonomous systems and is a path vector routing protocol. After you enable BGP on your router you need to advertise your routes in the routing protocol to be handled in the routing table to be exchanged with others (injection/advertisement).…”

Section: Introductionmentioning

confidence: 99%

Improvement of Border Gateway Protocol Against Failure on Autonomous Systems

2017

IJCSI

View full text Add to dashboard Cite

Border Gateway Protocol (BGP) is used for routing among autonomous systems, its main advantage among the other routing protocols is its stability and its ability to maintain and contain large number of updates in its routing table, and so this is very important as its main usage of it is routing in the internet. These autonomous systems create a large number of updates that cannot be maintained/handled by other routing protocol except BGP. BGP has a big problem which is convergence delay due to large number of updates that may reach to minutes in cases of topology failure or problems, also it need to high processing in the CPU memory which may lead to a freezing node in lot of cases. So it's so important to pay more work and attention to reduce these effects that lead to routing instability and nodes freeze. A lot of studied work on solving this problem create a dynamic model change in the BGP routing MRAI (minimum route advertisement interval) according to the network size. This MRAI is a main functional factor to decrease the convergence delay in much networks, but no one study the effect of many flapping node (neighbor) in a topology on the convergence delay and number of created messages which recreated more and more every time the flapping happened. In this paper, the effect of flapping node on different network sizes with various sized failure studied and proposed a solution with good performance in less processing time and convergence delay.

show abstract

It Bends But Would It Break? Topological Analysis of BGP Infrastructures in Europe

Cited by 11 publications

References 59 publications

On the Soundness of Infrastructure Adversaries

On the Soundness of Infrastructure Adversaries

The state of affairs in BGP security: A survey of attacks and defenses

Improvement of Border Gateway Protocol Against Failure on Autonomous Systems

Contact Info

Product

Resources

About