
ARTEMIS: Neutralizing BGP Hijacking Within a Minute

Published: 01 December 2018

Abstract

Border Gateway Protocol (BGP) prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches, ranging from RPKI to popular third-party services, none of them solves the problem adequately in practice. In fact, they suffer from: (i) lack of detection comprehensiveness, allowing sophisticated attackers to evade detection; (ii) limited accuracy, especially in the case of third-party detection; (iii) delayed verification and mitigation of incidents, reaching up to days; and (iv) lack of privacy and of flexibility in post-hijack counteractions, on the side of network operators. In this paper, we propose ARTEMIS, a defense approach (a) based on accurate and fast detection operated by the autonomous system itself, leveraging the pervasiveness of publicly available BGP monitoring services and their recent shift towards real-time streaming, and thus (b) enabling flexible and fast mitigation of hijacking events. Compared to the previous work, our approach combines characteristics desirable to network operators, such as comprehensiveness, accuracy, speed, privacy, and flexibility. Finally, we show through real-world experiments that with the ARTEMIS approach, prefix hijacking can be neutralized within a minute.



Published In

IEEE/ACM Transactions on Networking, Volume 26, Issue 6
December 2018
455 pages

Publisher

IEEE Press

Qualifiers

• Research-article

Cited By

• (2024) Poster: Few-Shot Inter-Domain Routing Threat Detection with Large-Scale Multi-Modal Pre-Training. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 4970-4972. DOI: 10.1145/3658644.3691402. Online publication date: 2-Dec-2024.
• (2024) metAScritic: Reframing AS-Level Topology Discovery as a Recommendation System. Proceedings of the 2024 ACM on Internet Measurement Conference, pp. 337-364. DOI: 10.1145/3646547.3688429. Online publication date: 4-Nov-2024.
• (2023) How effective is multiple-vantage-point domain control validation? Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 5701-5718. DOI: 10.5555/3620237.3620556. Online publication date: 9-Aug-2023.
• (2023) Replication: 20 Years of Inferring Interdomain Routing Policies. Proceedings of the 2023 ACM on Internet Measurement Conference, pp. 16-29. DOI: 10.1145/3618257.3624799. Online publication date: 24-Oct-2023.
• (2023) The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future Prospects. IEEE Transactions on Network and Service Management, 21:2, pp. 2353-2373. DOI: 10.1109/TNSM.2023.3327455. Online publication date: 25-Oct-2023.
• (2023) On Detecting Route Hijacking Attack in Opportunistic Mobile Networks. IEEE Transactions on Dependable and Secure Computing, 20:3, pp. 2516-2532. DOI: 10.1109/TDSC.2022.3186029. Online publication date: 1-May-2023.
• (2023) A Practical Heartbeat-based Defense Scheme Against Cloning Attacks in PoA Blockchain. Computer Standards & Interfaces, 83:C. DOI: 10.1016/j.csi.2022.103656. Online publication date: 1-Jan-2023.
• (2023) A Comprehensive Survey of Recent Internet Measurement Techniques for Cyber Security. Computers and Security, 128:C. DOI: 10.1016/j.cose.2023.103123. Online publication date: 1-May-2023.
• (2023) Toward the mutual routing security in wide area networks. Computer Networks: The International Journal of Computer and Telecommunications Networking, 230:C. DOI: 10.1016/j.comnet.2023.109778. Online publication date: 1-Jul-2023.
• (2023) RPKI Time-of-Flight: Tracking Delays in the Management, Control, and Data Planes. Passive and Active Measurement, pp. 429-457. DOI: 10.1007/978-3-031-28486-1_18. Online publication date: 21-Mar-2023.
