Understanding the Capabilities of Route Collectors to Observe Stealthy Hijacks
Does adding more monitors or reporting more paths help?
Time: Tue 2022-06-14 10.00
Subject area: Information and Communication Technology
Doctoral student: Alexandros Milolidakis , Programvaruteknik och datorsystem, SCS
Opponent: Associate Professor Alberto Dainotti, Georgia Institute of Technology, School of Computer Science
Supervisor: Professor Dejan Manojlo Kostic, Programvaruteknik och datorsystem, SCS; Associate Professor Marco Chiesa, Programvaruteknik och datorsystem, SCS
Routing hijacks have plagued the Internet for decades. These attacks corrupt the routing table entries that networks use to forward traffic, causing affected network devices to route private and possibly sensitive Internet traffic towards the hijacker.
Despite many failed attempts to thwart hijackers, recent Internet-wide routing monitoring infrastructures give us hope that future systems can quickly and ultimately mitigate hijacks. Such monitoring infrastructures consist of multiple globally distributed monitoring entities, called Route Collectors. To enable the whole community to monitor the validity and stability of the exchanged routing information, network volunteers disclose their routes to public route collectors. However, hijackers can also exploit this information to avoid being reported to route collectors.
This thesis evaluates the effectiveness of monitoring infrastructures against two kinds of hijack scenarios: (i) an omniscient attacker with complete knowledge of both the Internet topology and the routing preferences of networks, and (ii) a realistic attacker which lacks such knowledge but gathers routing information from what networks themselves disclose to the public route collectors.
Prior simulations showed that hijacks that affect more than 2% of the Internet are always visible to the public route collector infrastructure. However, our simulations show that omniscient and realistic hijackers that react to the deployment of public collectors could stealthily hijack up to 11.7× more (i.e., 23.5%) and 8.1× (i.e., 16.2%) more of the Internet (respectively) without being observed by the existing public route collector infrastructure.
Having evaluated the effectiveness of the existing public route collector infrastructure with current Internet datasets, we evaluated the effectiveness in realistic future scenarios of (i) more interconnected (flatter) Internet topologies as well as (ii) topologies where more network volunteers disclose their routes to the public collectors. Unfortunately, both types of hijackers are more effective in flatter Internet topologies. Omniscient hijackers could stealthily hijack up to 24.5× (i.e., 49.0%) more of the Internet while realistic hijackers up to 22.7× (i.e., 45.5%) more without being observed by route collectors. In topologies with up to 4× more volunteers disclosing their routes to the public route collectors, hijackers could react to these new monitors by modifying their attacks to stealthily hijack up to 4× (i.e., 8.2%) and 2.9× (i.e., 5.9%) more of the Internet (respectively).
Finally, we conclude with an analysis of two suggestions for improving the existing public route collector infrastructure: (i) selecting new network volunteers in more strategic locations and (ii) having volunteers disclose more routes to the route collectors. We hope that our findings in simulations will help towards the design of more reliable public route monitoring infrastructures.