Analysis and emulation of BGP hijacking events / Spadaccino, Pietro; Bruzzese, Sara; Cuomo, Francesca; Luciani, Flavio. - (2023), pp. 1-4. (Paper presented at the 2nd International Intelligence Provisioning for Network and Service Management in Softwarized Networks (IPSN 2023), held in Miami, FL, USA) [10.1109/NOMS56928.2023.10154437].
Analysis and emulation of BGP hijacking events
Spadaccino, Pietro; Cuomo, Francesca
2023
Abstract
Border Gateway Protocol (BGP) is the standard protocol used for inter-domain routing in the Internet. Because it was designed without built-in security mechanisms, it is vulnerable to various security issues. Although countermeasures exist to secure BGP sessions, they are not widely used due to lack of knowledge and the complexity of the setup. The aim of this paper is to raise awareness about routing security in BGP and to provide a methodology to deepen the analysis of BGP incidents and a tool to reproduce them in a sandbox environment, in order to better understand how these issues arise and why it is crucial to have security countermeasures in place. The paper examines a recent BGP incident in March 2022, in which a Russian ISP hijacked an IP prefix belonging to Twitter. A comprehensive analysis of the incident is performed, including how it spread throughout the Internet, and the powerful toolkit used for the analysis is presented. In the last section, the paper explains the usage and potential of the tool KathBGPBuilder, which can recreate a real BGP deployment with minimal manual configuration using open data collected from RIPEstat. This tool can be used to experiment with and recreate real BGP incidents, or to test security mechanisms.

File | Access | Type | License | Size | Format
---|---|---|---|---|---
Spadaccino_Analysis_2023.pdf | Archive managers only | Publisher's version (published version with the publisher's layout) | All rights reserved | 677.96 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.