a study of prefix hijacking and interception in the
play

A Study of Prefix Hijacking and Interception in the internet - PowerPoint PPT Presentation

Mar 19, 2023 •474 likes •873 views

A Study of Prefix Hijacking and Interception in the internet Hitesh Ballani, Paul Francis, Xinyang Zhang Presented by: Tony Z.C Huang, Adapted from slides by Hitesh Ballani Prefix Hijacking/ Interception Internet AS CIA AS U Owning

  1. A Study of Prefix Hijacking and Interception in the internet Hitesh Ballani, Paul Francis, Xinyang Zhang Presented by: Tony Z.C Huang, Adapted from slides by Hitesh Ballani

  2. Prefix Hijacking/ Interception Internet AS ¡CIA AS ¡U Owning Prefix p

  3. Prefix Hijacking/ Interception Internet AS ¡CIA AS ¡U Owning Prefix p

  4. Prefix Hijacking/ Interception Internet AS ¡CIA AS ¡U Owning Prefix p

  5. Prefix Hijacking/ Interception • Prefix ¡Hijacking:AS ¡CIA ¡ adver8ses ¡a ¡prefix ¡ Internet owned ¡by ¡AS ¡U. • Creates ¡a ¡black-­‑ hole ¡in ¡the ¡internet AS ¡CIA AS ¡U Owning Prefix p

  6. Prefix Hijacking/ Interception • Prefix ¡Hijacking:AS ¡CIA ¡ adver8ses ¡a ¡prefix ¡ Internet owned ¡by ¡AS ¡U. • Creates ¡a ¡black-­‑ hole ¡in ¡the ¡internet AS ¡CIA AS ¡U Owning Prefix p

  7. Prefix Hijacking/ Interception • Prefix ¡Hijacking:AS ¡CIA ¡ adver8ses ¡a ¡prefix ¡ Internet owned ¡by ¡AS ¡U. • Creates ¡a ¡black-­‑ You can route to hole ¡in ¡the ¡internet AS U through me AS ¡CIA AS ¡U Owning Prefix p

  8. Prefix Hijacking/ Interception • Prefix ¡Hijacking:AS ¡CIA ¡ adver8ses ¡a ¡prefix ¡ Internet owned ¡by ¡AS ¡U. • Creates ¡a ¡black-­‑ You can route to hole ¡in ¡the ¡internet AS U through me AS ¡CIA AS ¡U Owning Prefix p

  9. Prefix Hijacking/ Interception • Prefix ¡Hijacking:AS ¡CIA ¡ adver8ses ¡a ¡prefix ¡ Internet owned ¡by ¡AS ¡U. • Creates ¡a ¡black-­‑ You can route to hole ¡in ¡the ¡internet AS U through me AS ¡CIA AS ¡U Owning Prefix p

  10. Prefix Hijacking/ Interception • Prefix ¡Hijacking:AS ¡CIA ¡ adver8ses ¡a ¡prefix ¡ Internet owned ¡by ¡AS ¡U. • Creates ¡a ¡black-­‑ You can route to hole ¡in ¡the ¡internet AS U through me AS ¡CIA • Prefix ¡Intercep8on:AS ¡ AS ¡U CIA ¡routes ¡the ¡ intercepted ¡traffic ¡back ¡ Owning Prefix p to ¡AS ¡U • AS ¡U ¡would ¡not ¡find ¡ out ¡the ¡traffic ¡has ¡ been ¡intercepted.

  11. Prefix Hijacking/ Interception • Prefix ¡Hijacking:AS ¡CIA ¡ adver8ses ¡a ¡prefix ¡ Internet owned ¡by ¡AS ¡U. • Creates ¡a ¡black-­‑ You can route to hole ¡in ¡the ¡internet AS U through me AS ¡CIA • Prefix ¡Intercep8on:AS ¡ AS ¡U CIA ¡routes ¡the ¡ intercepted ¡traffic ¡back ¡ Owning Prefix p to ¡AS ¡U • AS ¡U ¡would ¡not ¡find ¡ out ¡the ¡traffic ¡has ¡ been ¡intercepted.

  12. Focus of the paper • 1) Analyze the probability of traffic hijacking/ Interception. • 2) Use routing tables from Route-Views, estimate the actual probability that an AS can hijack/ intercept traffics from other ASes. • 3) Implement interception methodology and intercept real traffic. • 4) Try to detect actual interception in the internet.

  13. Hijacking Analysis owner of prefix p AS-PATH = [... , CIA] AS-PATH = [... A] AS ¡al-­‑ AS ¡CIA Qaeda AS ¡C AS ¡B AS ¡Z AS ¡U AS- AS-PATH AS-PATH PATH = = [Z, ... = [C, [B, ... ,A] CIA] B, ... ,A] • Question: Can CIA hijacks prefix p’s traffic from AS al-Qaeda? • AS U Needs to choose between two routes • Valid routes: AS-Path = [C,B,... A], length = n; • Invalid routes: AS-Path = [Z, ... CIA], length = i; • Assumption: AS U has typical policies: • customer routes > peer routes > provider routes

  14. owner of prefix p AS-PATH = [... , CIA] AS-PATH = [... A] AS ¡al-­‑ AS ¡CIA Daeda AS ¡C AS ¡B AS ¡Z AS ¡U AS- AS-PATH AS-PATH PATH = = [Z, ... = [B, [B, ... ,A] CIA] C, ... ,A] Length Customer Peer Provider i<n X X X Customer Customer Customer i=n -- X X i>n Y X X i<n Y X X Peer Peer Peer i=n Y -- X i>n Y Y X i<n Y Y X Provider Provider Provider i=n Y Y -- i>n Y Y Y • X: The traffic can not be hijacked. • Y: The traffic can be hijacked.

  15. Discussion

  16. Discussion • Better way to hijack the traffic?

  17. Discussion • Better way to hijack the traffic? • Yes, by announcing a more specific prefix.

  18. Discussion • Better way to hijack the traffic? • Yes, by announcing a more specific prefix. • But in practice, BGP filter out prefixes more specific than /24. So analysis in this paper is still useful.

  19. Interception Analysis owner of prefix p AS ¡al-­‑ AS ¡CIA Qaeda AS ¡C AS ¡B AS ¡Z AS ¡U • The problem is routing the traffic back to the original As. • The problem is, if AS CIA’s existing routes also switches to the invalid routes, then AS CIA can not route the traffic back to AS al-Qaeda. • Safety Condition: AS CIA should have a valid route for prefix p during the Interception.

  20. Interception Analysis owner of prefix p AS ¡al-­‑ AS ¡CIA Qaeda AS ¡C AS ¡B AS ¡Z AS ¡U Some ¡Ases... • The problem is routing the traffic back to the original As. • The problem is, if AS CIA’s existing routes also switches to the invalid routes, then AS CIA can not route the traffic back to AS al-Qaeda. • Safety Condition: AS CIA should have a valid route for prefix p during the Interception.

  21. Interception Analysis • Two assumptions • customer routes > peer routes > provider routes • “Valley-free” property i.e, after traversing a provider-to- customer edge or a peer edge, the path cannot traverse another customer-to- prover or peer edge.

  22. Interception Analysis • Case 1, AS CIA’s AS ¡CIA current route is a Customer-to-Provider edge customer routes. Peer edge Namely, AS al- Qaeda is a customer of AS- AS ¡Z CIA. • Conclusion: AS- CIA can advertise the invalid route AS ¡al-­‑ to all its Qaeda neighbors, and still satisfies the safety condition.

  23. Interception Analysis • Case 1, AS CIA’s AS ¡CIA current route is a Customer-to-Provider edge customer routes. Peer edge Namely, AS al- Qaeda is a customer of AS- AS ¡Z CIA. • Conclusion: AS- CIA can advertise the invalid route AS ¡al-­‑ to all its Qaeda neighbors, and still satisfies the safety condition.

  24. Interception Analysis • Customer-to-Provider edge Case II, AS CIA’s Peer edge current route is a peer routes. Namely, AS al- AS ¡CIA AS ¡Z Qaeda is a peer of AS-CIA. • Conclusion: Similar to Case I, AS CIA can AS ¡Z1 propagate to any of the ASes along the path without violating the safety AS ¡al-­‑ condition. Qaeda

  25. Interception Analysis • Customer-to-Provider edge Case II, AS CIA’s Peer edge current route is a peer routes. Namely, AS al- AS ¡CIA AS ¡Z Qaeda is a peer of AS-CIA. • Conclusion: Similar to Case I, AS CIA can AS ¡Z1 propagate to any of the ASes along the path without violating the safety AS ¡al-­‑ condition. Qaeda

  26. Interception Analysis • Customer-to-Provider edge Case III, AS AS ¡Z1 AS ¡Z Peer edge CIA’s current route is a provider AS ¡CIA routes. AS ¡Z2 • Conclusion: AS CIA can only advertises the path to its AS ¡al-­‑ Qaeda customer and peers, but not to its provider.

  27. Interception Analysis • Customer-to-Provider edge Case III, AS AS ¡Z1 AS ¡Z Peer edge CIA’s current route is a provider AS ¡CIA routes. AS ¡Z2 • Conclusion: AS CIA can only advertises the path to its AS ¡al-­‑ Qaeda customer and peers, but not to its provider.

  28. Hijacking/Interception Estimate • Analysis results applied to Route-Views ASes • Route-view repository comprised of 34 ASes (RV- Set) • 7 tier-1 ASes, 19 tier-2, 8 others. • Parameter of Interest • Probability of Hijacking: Fraction of ASes whose traffic is hijacked by the hijacking AS, averaged across all ASes and all prefixes. • Probability of Interception is defined similarly.

  29. 100 100 Hijacking (LB) Hijacking (LB) Hijacking (UB) Hijacking (UB) Interception (LB) Interception (LB) 80 80 Interception (UB) Interception (UB) Probability (%) Probability (%) 60 60 40 40 20 20 0 0 All All T-1 T-1 T-2 T-2 T>=3 T>=3 Type of Intercepting AS Type of Intercepting AS

  30. 100 100 Hijacking (LB) Hijacking (LB) Hijacking (UB) Hijacking (UB) Interception (LB) Interception (LB) 80 80 Interception (UB) Interception (UB) Probability (%) Probability (%) 60 60 40 40 20 20 0 0 All All T-1 T-1 T-2 T-2 T>=3 T>=3 Type of Intercepting AS Type of Intercepting AS • Probability of hijacking ~ 40-60% • Probability of interception ~ 30-50%

  31. 100 100 Hijacking (LB) Hijacking (LB) Hijacking (UB) Hijacking (UB) Interception (LB) Interception (LB) 80 80 Interception (UB) Interception (UB) Probability (%) Probability (%) 60 60 40 40 20 20 0 0 All All T-1 T-1 T-2 T-2 T>=3 T>=3 Type of Intercepting AS Type of Intercepting AS • Probability of hijacking for tier-1 ISPs ~ 50-80% • Probability of interception for tier-1 ISPs ~ 50-80%

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Short-Lived Prefix Hijacking on the Internet Peter Boothe 1 James Hiebert 1 Randy Bush 2 1 { peter

Short-Lived Prefix Hijacking on the Internet Peter Boothe 1 James Hiebert 1 Randy Bush 2 1 { peter

Outline Problem Characterization Methodology Results Conclusion Short-Lived Prefix Hijacking on the Internet Peter Boothe 1 James Hiebert 1 Randy Bush 2 1 { peter , jamesmh } @ cs . uoregon . edu Computer Science/Computing Center University

450 views • 18 slides
This week, we are going to look again at another prefix. What is a prefix? Click on the right

This week, we are going to look again at another prefix. What is a prefix? Click on the right

This week, we are going to look again at another prefix. What is a prefix? Click on the right answer. A prefix is a word or A prefix is a group group of words that A prefix is a group of letters that goes comes at the start of of letters

462 views • 21 slides
Lawful Interception in German VoIP-Networks 22C3, Berlin Hendrik Scholz hscholz@raisdorf.net

Lawful Interception in German VoIP-Networks 22C3, Berlin Hendrik Scholz hscholz@raisdorf.net

Lawful Interception in German VoIP-Networks 22C3, Berlin Hendrik Scholz hscholz@raisdorf.net http://www.wormulon.net/ Agenda What is Lawful Interception (LI)? Terms, Laws Lawful Interception in PSTN networks Lawful Interception

658 views • 27 slides
This week, we are going to look at another prefix. What is a prefix? Choose the right answer. A

This week, we are going to look at another prefix. What is a prefix? Choose the right answer. A

This week, we are going to look at another prefix. What is a prefix? Choose the right answer. A prefix is a word or A prefix is a group group of words that A prefix is a group of letters that goes comes at the start of of letters that goes

317 views • 21 slides
.NET HIJACKING to DEFEND POWERSHELL AMANDA ROUSSEAU CanSecWest 2017 | .NET Hijacking to Defend

.NET HIJACKING to DEFEND POWERSHELL AMANDA ROUSSEAU CanSecWest 2017 | .NET Hijacking to Defend

1 .NET HIJACKING to DEFEND POWERSHELL AMANDA ROUSSEAU CanSecWest 2017 | .NET Hijacking to Defend PowerShell 2 MALWARE UNICORN Senior or Malware Researcher @ Endgame, Inc. Wo Works s as s a a Mal alware are Re Researc archer r at at

1.04k views • 47 slides
Generic Library Interception Generic Library Interception for Improved Performance Measurement

Generic Library Interception Generic Library Interception for Improved Performance Measurement

Generic Library Interception Generic Library Interception for Improved Performance Measurement for Improved Performance Measurement and Insight and Insight Ronny Brendel, Bert Wesarg, Ronny Tschter, Matthias Weber, Thomas Ilsche, Sebastian

419 views • 13 slides
Parallel prefix adders Kostas Vitoroulis, 2006. Presented to Dr. A. J. Al-Khalili. Concordia

Parallel prefix adders Kostas Vitoroulis, 2006. Presented to Dr. A. J. Al-Khalili. Concordia

Parallel prefix adders Kostas Vitoroulis, 2006. Presented to Dr. A. J. Al-Khalili. Concordia University. Overview of presentation Parallel prefix operations Binary addition as a parallel prefix operation Prefix graphs Adder

764 views • 35 slides
JSON hijacking For the modern web About me Im a researcher at PortSwigger I love

JSON hijacking For the modern web About me Im a researcher at PortSwigger I love

JSON hijacking For the modern web About me Im a researcher at PortSwigger I love hacking JavaScript let : let { let :[x=1]}=[alert(1)] I love breaking browsers @garethheyes History of JSON hijacking Array constructor attack

630 views • 44 slides
IP Prefix Advertisement in EVPN draft-rabadan-l2vpn-evpn-prefix-advertisement-01 Jorge Rabadan

IP Prefix Advertisement in EVPN draft-rabadan-l2vpn-evpn-prefix-advertisement-01 Jorge Rabadan

IP Prefix Advertisement in EVPN draft-rabadan-l2vpn-evpn-prefix-advertisement-01 Jorge Rabadan Wim Hendericks Florin Balus Senad Palislamovic Aldrin Isaac IETF 88, November 2013 Vancouver, Canada The prefix-advertisement route (route-type

244 views • 8 slides
Recap: Prefix Sums Given A : set of n integers Find B : prefix sums A: 3 1 1 7 2 5

Recap: Prefix Sums Given A : set of n integers Find B : prefix sums A: 3 1 1 7 2 5

Recap: Prefix Sums Given A : set of n integers Find B : prefix sums A: 3 1 1 7 2 5 9 2 4 3 3 B: 3 4 5 12 14 19 28 30 34 37 40 1 / 86 Recap: Parallel Prefix Sums Recursive algorithm Recursively computes sums Use

3.11k views • 86 slides
Demo: BGP Path Hijacking Vimal Stanford University August 18

Demo: BGP Path Hijacking Vimal Stanford University August 18

Demo: BGP Path Hijacking Vimal Stanford University August 18 th 2014 Goals of the Assignment Understand how BGP path hijacking aGacks might happen in

322 views • 11 slides
TRAINING PROGRAMME Lawful Interception &amp; Data Retention ETSI/TC LI Lawful Interception

TRAINING PROGRAMME Lawful Interception &amp; Data Retention ETSI/TC LI Lawful Interception

Statements on Standardisation (handover interface) Without standardisation each Service Provider can define its own mechanism / format for the delivery of the data (LI and/or DR) to the Monitoring Facility Without standardisation the

684 views • 57 slides
SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of

SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of

The SHA-1 Hash Function Chosen-prefix Collisions Our Results Conclusion Extra Materials SHA-1 is a Shambles First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust Ga etan Leurent (INRIA - France) Thomas Peyrin (NTU

650 views • 29 slides
Control Hijacking Attacks C t lin Hri cu May 15, 2009 1 Substituting Prof. Backes 2

Control Hijacking Attacks C t lin Hri cu May 15, 2009 1 Substituting Prof. Backes 2

Practical Aspects of Security Prof. Michael Backes Control Hijacking Attacks C t lin Hri cu May 15, 2009 1 Substituting Prof. Backes 2 Control hijacking attacks Attackers goal: Take over target machine (e.g. web server)

921 views • 57 slides
Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild Elie Bursztein, Borbala

Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild Elie Bursztein, Borbala

Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild Elie Bursztein, Borbala Benko, Daniel Margolis, Tadek Pietraszek Andy Archer, Allan Aquino, Andreas Pitsillidis (UCSD), Stefan Savage (UCSD) Hijacking is a pervasive problem

318 views • 27 slides
Articulus Detecting IP Hijacking Through Server Fingerprinting Research Question How can we

Articulus Detecting IP Hijacking Through Server Fingerprinting Research Question How can we

Articulus Detecting IP Hijacking Through Server Fingerprinting Research Question How can we detect BGP IP hijacking by probing the at risk subnets to detect suspect change to hosts and subnets. 2 Intro Fingerprinting Avoiding

795 views • 31 slides
Use Case for Distributed Data Center in SUPA draft-cheng-supa-ddc-use-cases Y. Cheng, L. M.

Use Case for Distributed Data Center in SUPA draft-cheng-supa-ddc-use-cases Y. Cheng, L. M.

Use Case for Distributed Data Center in SUPA draft-cheng-supa-ddc-use-cases Y. Cheng, L. M. Contreras, JF. Tremblay, J. Bi draft-xie-inter-dc-traffic-optimization C. Xie Q. Sun IETF 92, Dallas, March 2015 Sub-use case 1:

360 views • 9 slides
Setting awesome goals Phil Dexter Agile in the City Bristol 2018 Phil Dexter Delivery Manager

Setting awesome goals Phil Dexter Agile in the City Bristol 2018 Phil Dexter Delivery Manager

Setting awesome goals Phil Dexter Agile in the City Bristol 2018 Phil Dexter Delivery Manager and Agile Coach at Torchbox 8 years in London working for IBM 1 year in Sydney working for Westpac 1 year in Bristol working for

473 views • 22 slides
CSE 373: Introduction, ADTs, Design Decisions, Generics Michael Lee Wednesday Jan 3, 2017 1 2

CSE 373: Introduction, ADTs, Design Decisions, Generics Michael Lee Wednesday Jan 3, 2017 1 2

CSE 373: Introduction, ADTs, Design Decisions, Generics Michael Lee Wednesday Jan 3, 2017 1 2 Overview Michael Lee (mlee42@cs.washington.edu) Currently working on a masters degree in Computer Science Supervised by Adam Blank

875 views • 48 slides
Corporate Environments For Social Media Investigations Part Two of a Four Part Series About the

Corporate Environments For Social Media Investigations Part Two of a Four Part Series About the

X1 Social Discovery Geo-fencing and Monitoring Corporate Environments For Social Media Investigations Part Two of a Four Part Series About the Presenters Joe Church Founder &amp; Owner Digital Shield, Incorporated Jason Kleinberg Account

353 views • 18 slides
Safe harbor statement Under the private securities litigation reform act of 1995 This

Safe harbor statement Under the private securities litigation reform act of 1995 This

Safe harbor statement Under the private securities litigation reform act of 1995 This presentation contains certain forward- looking statements and expectations regarding the companys future performance and the performance of its brands.

276 views • 13 slides
SOCI 323 Social Psychology Session 9 SOCIAL PERCEPTION Lecturer: Dr. Peace Mamle Tetteh,

SOCI 323 Social Psychology Session 9 SOCIAL PERCEPTION Lecturer: Dr. Peace Mamle Tetteh,

SOCI 323 Social Psychology Session 9 SOCIAL PERCEPTION Lecturer: Dr. Peace Mamle Tetteh, Department of Sociology Contact Information: ptetteh@ug.edu.gh College of Education School of Continuing and Distance Education 2014/2015 2016/2017

419 views • 27 slides
http://www.ioccc.org/2015/burton/prog.c http://www.itiseezee.com/?p=83 By refined

http://www.ioccc.org/2015/burton/prog.c http://www.itiseezee.com/?p=83 By refined

http://www.ioccc.org/2015/burton/prog.c http://www.itiseezee.com/?p=83 By refined annoyance, I mean the refusal to accept friction of any sort. https://blog.crisp.se/2016/06/08/henrikkniberg/spotify-rhythm Should I talk to you? Should I

807 views • 70 slides
and well-being Looking ahead, the best overall resource for you will be your research advisor

and well-being Looking ahead, the best overall resource for you will be your research advisor

Resources for research and well-being Looking ahead, the best overall resource for you will be your research advisor Research Advisor Try to meet weekly and ask questions Begin searching if you do not have an advisor required before

684 views • 31 slides

More recommend