DOI: 10.1145/3319535.3363197
research-article
Open access

SICO: Surgical Interception Attacks by Manipulating BGP Communities

Published: 06 November 2019

Abstract

The Border Gateway Protocol (BGP) is the primary routing protocol for the Internet backbone, yet it lacks adequate security mechanisms. While simple BGP hijack attacks only involve an adversary hijacking Internet traffic destined to a victim, more complex and challenging interception attacks require that the adversary intercept a victim's traffic and forward it on to the victim. If an interception attack is launched incorrectly, the adversary's attack will disrupt its route to the victim, making it impossible to forward packets. To overcome these challenges, we introduce SICO attacks (Surgical Interception using COmmunities): a novel method of launching interception attacks that leverages BGP communities to scope an adversary's attack and ensure a route to the victim. We then show how SICO attacks can be targeted to specific source IP addresses for reducing attack costs. Furthermore, we ethically perform SICO attacks on the real Internet backbone to evaluate their feasibility and effectiveness. Results suggest that SICO attacks can achieve interception even when previously proposed attacks would not be feasible and outperform them by attracting traffic from an additional 16% of Internet hosts (worst case) and 58% of Internet hosts (best case). Finally, we analyze the Internet topology to find that at least 83% of multi-homed ASes are capable of launching these attacks.

Supplementary Material

WEBM File (p431-birge-lee.webm)

Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019
2755 pages
ISBN:9781450367479
DOI:10.1145/3319535
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. BGP
  2. BGP communities
  3. hijacking attacks
  4. interception attacks
  5. networking
  6. security

Qualifiers

  • Research-article

Conference

CCS '19

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months): 389
  • Downloads (Last 6 weeks): 53

Reflects downloads up to 22 Sep 2024

Citations

Cited By

  • (2024) Routing Attacks on Cryptocurrency Mining Pools. 2024 IEEE Symposium on Security and Privacy (SP), 3805-3821. DOI: 10.1109/SP54263.2024.00254. Online publication date: 19-May-2024
  • (2023) APVAS: Reducing the Memory Requirement of AS_PATH Validation by Introducing Aggregate Signatures into BGPsec. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E106.A:3, 170-184. DOI: 10.1587/transfun.2022CIP0024. Online publication date: 1-Mar-2023
  • (2023) Coarse-grained Inference of BGP Community Intent. Proceedings of the 2023 ACM on Internet Measurement Conference, 66-72. DOI: 10.1145/3618257.3624838. Online publication date: 24-Oct-2023
  • (2023) The Juice Is Worth the Squeeze: Analysis of Autonomous System Provider Authorization in Partial Deployment. IEEE Open Journal of the Communications Society, 4, 269-306. DOI: 10.1109/OJCOMS.2022.3233833. Online publication date: 2023
  • (2023) Impact of International Submarine Cable on Internet Routing. IEEE INFOCOM 2023 - IEEE Conference on Computer Communications, 1-10. DOI: 10.1109/INFOCOM53939.2023.10229024. Online publication date: 17-May-2023
  • (2023) Be Careful of Your Neighbors: Injected Sub-Prefix Hijacking Invisible to Public Monitors. ICC 2023 - IEEE International Conference on Communications, 3774-3780. DOI: 10.1109/ICC45041.2023.10278923. Online publication date: 28-May-2023
  • (2023) On the Effectiveness of BGP Hijackers That Evade Public Route Collectors. IEEE Access, 11, 31092-31124. DOI: 10.1109/ACCESS.2023.3261128. Online publication date: 2023
  • (2023) Efficient Continuous Latency Monitoring with eBPF. Passive and Active Measurement, 191-208. DOI: 10.1007/978-3-031-28486-1_9. Online publication date: 21-Mar-2023
  • (2022) It takes two to tango. Proceedings of the 21st ACM Workshop on Hot Topics in Networks, 174-180. DOI: 10.1145/3563766.3564107. Online publication date: 14-Nov-2022
  • (2022) Light, camera, actions. Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies, 196-203. DOI: 10.1145/3555050.3569143. Online publication date: 30-Nov-2022
