Abstract

Harmful Internet hijacking incidents have shown how fragile interdomain routing is. In particular, the Border Gateway Protocol (BGP), which is used to exchange routing information between Internet entities, called Autonomous Systems (ASes), has proved to be prone to attacks launched by a single malicious AS. Recent research contributions pointed out that even S-BGP, the secure variant of BGP that is being deployed, is not fully able to blunt traffic attraction attacks. Given a traffic flow between two ASes, we study how difficult it is for a malicious AS to devise a strategy for hijacking or intercepting that flow. The goal of the attack is to attract a traffic flow towards the malicious AS. While in the hijacking attack connectivity between the endpoints of a flow can be disrupted, in the interception attack connectivity must be maintained. We show that this problem marks a sharp difference between BGP and S-BGP. Namely, while it is solvable, under reasonable assumptions, in polynomial time for the type of attacks that are usually performed in BGP, it is NP-hard for S-BGP. Our study has several by-products. For example, we solve a problem left open in the literature, stating when performing a hijacking in S-BGP is equivalent to performing an interception.

Highlights

  • On 24th Feb. 2008, Pakistan Telecom started an unauthorized announcement of prefix 208.65.153.0/24 [13].

  • Given a traffic flow between two Autonomous Systems (ASes), how difficult is it for a malicious Autonomous System (AS) to devise a strategy for hijacking or intercepting at least that specific flow? We show that this problem marks a sharp difference between Border Gateway Protocol (BGP) and S-BGP.

  • Given a communication flow between two ASes, we studied how difficult it is for a malicious AS m to devise a strategy for hijacking or intercepting that flow.

Summary

Introduction and Overview

On 24th Feb. 2008, Pakistan Telecom started an unauthorized announcement of prefix 208.65.153.0/24 [13]. This announcement was propagated to the rest of the Internet, which resulted in the hijacking of YouTube traffic on a global scale. Performing a hijacking attack is a relatively simple task: it suffices to issue a BGP announcement of a victim prefix from a border router of a malicious (or unaware) Autonomous System (AS). Its only degree of freedom is the choice of the subset of its neighbors that receive such a bogus announcement. This is the most common type of hijacking attack to BGP [1]. We show that this problem marks a sharp difference between BGP and S-BGP: while it is polynomial time solvable, under reasonable assumptions, for typical BGP attacks, it is NP-hard for S-BGP.

A Model for BGP Routing
Understanding Hacking Strategies
Checking if an Origin-Spoofing BGP Attack Exists
S-BGP Gives Hackers Hard Times
Conclusions and Open Problems