Routing Attack Vulnerability Evaluation for Networks

The Internet is a critical infrastructure that is composed of tens of thousands of networks and is required to work reliably 24/7. An integral functionality to achieve this is stable, efficient, and secure routing of data traffic across several network domains. The current inter-domain routing protocol, BGP, facilitates the exchange of control-plane information (i.e. reachability of Internet resources over network paths) in a scalable and expressive manner; however, the lack of inherent security (e.g. authentication) mechanisms in its design frequently results in routing attacks. The RAVEN project focused on BGP prefix hijacking attacks, where a network, either due to malicious intent or because of a misconfiguration, advertises fraudulent/invalid information to the BGP routers of other networks; this information is propagated to the entire Internet, eventually leading to traffic being directed to invalid destinations (ending up dropped or intercepted and manipulated). Available proactive defenses are typically limited and inefficient. Furthermore, network operators cannot even measure how exposed their networks are to hijacking attempts, as well as their potential impact. RAVEN addressed exactly this need and built a Proof of Concept (PoC) of a BGP hijacking vulnerability assessment service employing accurate simulations. We evaluated our PoC using real-world historical measurements and showed that it produces accurate results. In addition, we investigated key challenges towards the commercialization of such a service.