Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.

Slides:



Advertisements
Similar presentations
Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)
Advertisements

Security in Mobile Ad Hoc Networks
LASTor: A Low-Latency AS-Aware Tor Client
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
Consensus Routing: The Internet as a Distributed System John P. John, Ethan Katz-Bassett, Arvind Krishnamurthy, and Thomas Anderson Presented.
SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez School of Computer Science.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.
1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Improving BGP Convergence Through Consistency Assertions Dan Pei, Lan Wang, Lixia Zhang UCLA Xiaoliang Zhao, Daniel Massey, Allison Mankin, USC/ISI S.
Accurate Real-Time Identification of IP Prefix Hijacking Z. Morley Mao Xin Hu 2007 IEEE Symposium on and Privacy Oakland, California 2007 IEEE Symposium.
Slide -1- February, 2006 Interdomain Routing Gordon Wilfong Distinguished Member of Technical Staff Algorithms Research Department Mathematical and Algorithmic.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Wresting Control from BGP: Scalable Fine-grained Route Control UCSD / AT&T Research Usenix —June 22, 2007 Dan Pei, Tom Scholl, Aman Shaikh, Alex C. Snoeren,
Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)
On the Effectiveness of Route- Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets Kihong Park and Heejo Lee Network Systems.
March 22, 2002 Simple Protocols, Complex Behavior (Simple Components, Complex Systems) Lixia Zhang UCLA Computer Science Department.
Inter-domain Routing security Problems Solutions.
Root cause analysis of BGP routing dynamics Matt Caesar, Lakshmi Subramanian, Randy H. Katz.
2003/11/051 The Temporal and Topological Characteristics of BGP Path Changes Di-Fa Chang Ramesh Govindan John Heidemann USC/Information Sciences Institute.
Building a Strong Foundation for a Future Internet Jennifer Rexford ’91 Computer Science Department (and Electrical Engineering and the Center for IT Policy)
DARPA NMS PI Meeting November 14, 2002 Understanding BGP in Action Dan Massey USC/ISI.
New Directions and Half-Baked Ideas in Topology Modeling Ellen W. Zegura College of Computing Georgia Tech.
A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,
Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates Zhenhai Duan, Xin Yuan Department of Computer Science Florida State.
Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.
Real-Time BGP Data Access 1 Mikhail Strizhov Colorado State University.
9/15/2015CS622 - MIRO Presentation1 Wen Xu and Jennifer Rexford Department of Computer Science Princeton University Chuck Short CS622 Dr. C. Edward Chow.
1 Controlling IP Spoofing via Inter-Domain Packet Filters Zhenhai Duan Department of Computer Science Florida State University.
IDRM: Inter-Domain Routing Protocol for Mobile Ad Hoc Networks C.-K. Chau, J. Crowcroft, K.-W. Lee, S. H.Y. Wong.
University of Central Florida CAP 6135: Malware and Software Vulnerability Spring 2012 Paper Presentation Dude, where’s that IP? Circumventing measurement-based.
How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.
On AS-Level Path Inference Jia Wang (AT&T Labs Research) Joint work with Z. Morley Mao (University of Michigan, Ann Arbor) Lili Qiu (University of Texas,
1 GIRO: Geographically Informed Inter-domain Routing Ricardo Oliveira, Mohit Lad, Beichuan Zhang, Lixia Zhang.
Advanced Networking Lab. Given two IP addresses, the estimation algorithm for the path and latency between them is as follows: Step 1: Map IP addresses.
TDTS21: Advanced Networking Lecture 7: Internet topology Based on slides from P. Gill and D. Choffnes Revised 2015 by N. Carlsson.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.
Large-Scale IP Traceback in High-Speed Internet : Practical Techniques and Theoretical Foundation Jun (Jim) Xu Networking & Telecommunications Group College.
T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429/556 Introduction to Computer Networks Inter-domain routing Some slides used with.
On Understanding of Transient Interdomain Routing Failures Feng Wang, Lixin Gao, Jia Wang, and Jian Qiu Department of Electrical and Computer Engineering.
A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡
1 Quantifying Path Exploration in the Internet Ricardo Oliveira, Rafit Izhak-Ratzin, Lixia Zhang, UCLA Beichuan Zhang, UArizona Dan Pei, AT&T Labs -- Research.
1 A Framework for Measuring and Predicting the Impact of Routing Changes Ying Zhang Z. Morley Mao Jia Wang.
SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen.
Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.
Advancements in the Inference of AS Relationships Xenofontas Dimitropoulos (Fontas) (CAIDA/GaTech) Dmitri Krioukov Bradley Huffaker k claffy George Riley.
Eliminating Packet Loss Caused by BGP Convergence Nate Kushman Srikanth Kandula, Dina Katabi, and Bruce Maggs.
Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing Ying Zhang Z. Morley Mao Jia Wang Presented in NDSS07 Prepared by : Hale Ismet.
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes Josh Karlin, Stephanie Forrest, Jennifer Rexford IEEE International Conference on Network.
A Security Framework with Trust Management for Sensor Networks Zhiying Yao, Daeyoung Kim, Insun Lee Information and Communication University (ICU) Kiyoung.
1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.
Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.
1/18 Evaluating Potential Routing Diversity for Internet Failure Recovery *Chengchen Hu, + Kai Chen, + Yan Chen, *Bin Liu *Tsinghua University, + Northwestern.
Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates Zhenhai Duan, Xin Yuan Department of Computer Science Florida State.
One Hop for RPKI, One Giant Leap for BGP Security Yossi Gilad (Hebrew University) Joint work with Avichai Cohen (Hebrew University), Amir Herzberg (Bar.
1 On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang # Z. Morley Mao* Y. Charlie Hu # Bruce M. Maggs ^ University of Michigan* Purdue University.
Jian Wu (University of Michigan)
Bamboozling Certificate Authorities with BGP
COS 461: Computer Networks
Fixing the Internet: Think Locally, Impact Globally
Trust-based Privacy Preservation for Peer-to-peer Data Sharing
Presentation transcript:

Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia Tech *AT&T Lab – Research ++ Department of Computer Science, Cornell University 1

Outline Background & Motivation System Architecture Basic algorithm and improvements Evaluation Conclusion 2

Background 3 Autonomous System (AS) Border Gateway Protocol (BGP) Profit-driven policy AS B AS E AS D AS A AS C I own prefix p! AS Path: BE AS Path: ABE AS Path: DE AS Path: CBE Peer-Peer Customer-provider AS update message CBE or CDE?

Background (cont.) 44 AS B AS E AS D AS A AS C AS Path: CBE Peer-Peer Customer-provider AS update message I own prefix p! AS Path: CBA AS Path: BA BGP lacks authentication Fabricated AS announcement Prefix hijacking blackholing imposture interception p

State of Art Proactive – Prevent the happenings of hijacks e.g. [Kent et al. JSAC 00] [Aiello et al. CCS 03], [Subramanian et al. NSDI 04], [Karlin et al. ICNP 06], etc. – Deployment issues: Routing infrastructure modification Difficulties of incremental deployment PKI requirement Reactive – Detection e.g. [Lad et al. Usenix Secuirty 06], [ Ballani et al. Sigcomm 07], [ Zheng et al. Sigcomm 07], [Hu et al. IEEE S&P 07], [ Zhang et al. Sigcomm 08], etc. – Recovery e.g. [ Zhang et al. CoNext 07] 5

A Complete and Automated Solution? Locating is important – Provide key information for recovery/mitigation Locating is not trivial – Current practice Indentify newly appeared origin AS of prefix p 6 Detect Recover Locate C C D D E E A A B B BA CBA BAE CBAE announce AE p

System Architecture of LOCK 7 AS B AS E AS D AS A AS C Peer-Peer Customer-provider Input: Target prefix p Output: A is the hijacker! p

Key Components of LOCK Monitor Selection (from candidates) – Maximize the likelihood of observing hijacking events on the target prefix – Maximize the diversity of paths from monitors to the target prefix Locating Scheme – Using AS path information – Infer the hijacker location (how?) 8

Two key observations Countermeasure ability – The hijacker cannot manipulate the portion of AS path from a polluted vantage point to the upstream neighbor AS of the hijacker AS 9 M1M1 M1M1 M2M2 M2M2 M3M3 M3M3 A A B B C C H H X X Y Y Z Z T T D D T owns prefix p AH BH H H H H AX BX X X X X

Two key observations Convergence: The trustworthy portion of polluted AS paths from multiple vantage points to a hijacked victim AS prefix converge around the hijacker AS (based on real AS topology). 10 M1M1 M1M1 M2M2 M2M2 M3M3 M3M3 A A B B C C H H X X Y Y Z Z T T D D AH BH H H H H AX BX X X X X converge at H converge at X? p

Basic Locating Algorithm Indentifying hijacker search space – Neighborset of one AS: ASes one-hop away (include itself) – Based on existing AS topology – The union of neighborset of all ASes on all polluted paths (why?) – The hijacker should be in the space (based on observation 1) Ranking all ASes in the search space – Based on observation 2 – The more frequently an AS appears, the higher its ranking is – Tie breaker: The closer an AS to the monitors, the higher its ranking is 11

Basic Locating Algorithm Example 12 M1M1 M1M1 M2M2 M2M2 M3M3 M3M3 A A B B C C H H X X Y Y Z Z T T D D MonitorsPolluted AS PATHNeighbor SetHijacker List M1A X(A H) ( H X Y)H > ( 4 times) X > Y > (2 times) A = B > C (once) M2B X(B H C) (H X Y) AX BX X X X X p

Improvements Search space of basic algorithm – Trim the suspect list Improvement I: AS relationship – Basic algorithm neighborset – Valley free – Trim the neighorset on “trustworthy” ASes Improvement II: excluding “innocent” ASes Two improvements may introduce false negative 13

Evaluation Three sets of experiments: – Simulating synthetic prefix hijacking events – Reconstructed previous known hijacking events – Real prefix hijacking events 14

Simulating Synthetic Prefix Hijacking Events Hijacker h and source s from 73 Planetlab nodes – Target prefix t – Multiple Origin ASes (MOAS) prefix – Single Origin Ases with large traffic – Popular website (based on Alexa ranking) Emulate all possible hijacking events – Based on the combination of (s, h, t) – Imposture, interception, and malicious (countermeasure) cases Monitor selection – From Planetlab nodes – Based on the target prefix 15

Effectiveness and Improvement The accuracy of basic algorithm is 85%+ Combine both improvements, the accuracy is up to 94.3% False negative ratio is relatively low. 16

Reconstruct Previously-known Hijacking Events 7 hijacking events Locate all hijackers 17

Real Hijacking Events 18 Internet Seattle BerkeleyPittsburgh Cornell Prefix: /22 victim hijacker

Real Hijacking Events (cont.) 19

Conclusion LOCK to locate prefix hijacker ASes – First study of hijacker location problem – Locate the hijacker even when countermeasures are engaged – Extensively evaluation illustrates high location accuracy 20

Acknowledgement Authors Tongqing Qiu and Jun (Jim) Xu would like to acknowledge the generous support from the NSF CyberTrust program (specifically CNS ) 21

Thanks You! Questions 22

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.