Abstract

Cyberattacks on global routing in the Internet (route hijacks, route leaks) have large-scale consequences, violating the integrity, availability and confidentiality of data during internetwork data exchange. Threats to the BGP-4 routing protocol cannot be fully mitigated in either the short term or the long term. None of the proposed and partially implemented upgrades and add-ons, such as Mutually Agreed Norms for Routing Security (MANRS) and Resource Public Key Infrastructure (RPKI), can deliver reliable protection against these types of attacks.

Recent information security and data protection techniques are based on risk management. A new risk-oriented approach to improving the topology of network interconnections in order to increase the security of internetwork data exchange is described. The new approach is based on applying new topology-related metrics to the Internet nodes, that is, autonomous systems (AS). The criterion for the effectiveness of the topology against attacks on global routing is risk assessment as a measure of information security.

Assessing the risks of a route hijack requires quantitative measurement of the impact of an attack, e.g. the scope of routing distortion. For a risk owner, the risk of its route being hijacked at a particular node in the network depends on the distance between the ASes. Close nodes have more trust, so the first proposed metric is called the trust metric. A kind of node centrality, or significance, is also considered because it affects the loss estimate. This significance derives from the number of network prefixes (i.e., subnets) that receive routing announcements through this particular node. Ranking nodes by this metric requires methods for retrieving and processing routing tables. In this paper we describe the sources and the methods of processing, and examine several ASes from the Ukrainian segment of the Internet on the significance metric. The well-known Internet exchanges of Ukraine, followed by all the large telecom operators, turned out to be the most significant Internet nodes. This demonstrates the adequacy of the presented methodology. Tables: 1. Figures: 3. References: 9 titles.
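An added illustration of the significance ranking described above (not code from the paper): it assumes a flattened `prefix|AS path` routing table dump and assumes that an AS's significance is the number of distinct prefixes whose announcements pass through it as a non-origin hop. The sample routes, the documentation/private-use ASNs and the function names are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in "prefix|AS path" form; documentation prefixes and
# documentation/private-use ASNs only, not real routes.
SAMPLE_RIB = """\
192.0.2.0/24|64500 64496 64511
192.0.2.0/24|64501 64496 64496 64511
198.51.100.0/24|64500 64496 64497 64512
198.51.100.0/24|64501 64497 64512
203.0.113.0/24|64500 64496 64497 64513
203.0.113.0/24|64501 64496 {64513,64514}
malformed line without separator
"""

def parse_routes(text):
    """Yield (prefix, as_path) for well-formed lines; skip the rest."""
    for line in text.splitlines():
        prefix, sep, path = line.partition("|")
        tokens = path.split()
        # Skip malformed lines and paths with AS_SET segments ({...}),
        # whose member order carries no topology information.
        if not sep or not tokens or not all(t.isdigit() for t in tokens):
            continue
        try:
            net = ipaddress.ip_network(prefix.strip(), strict=True)
        except ValueError:
            continue
        hops = []
        for asn in map(int, tokens):
            if not hops or hops[-1] != asn:  # collapse AS-path prepending
                hops.append(asn)
        yield str(net), hops

def significance(text):
    """Map each AS to the number of distinct prefixes it relays (assumed metric)."""
    relayed = defaultdict(set)
    for prefix, hops in parse_routes(text):
        for asn in hops[:-1]:  # the last hop is the origin, not a relay
            relayed[asn].add(prefix)
    return {asn: len(prefixes) for asn, prefixes in relayed.items()}

def rank(text):
    """ASes ordered by descending significance, ties broken by AS number."""
    return sorted(significance(text).items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for asn, count in rank(SAMPLE_RIB):
        print(f"AS{asn}: {count} prefixes")
```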
