
TAMU-ECE-2009-01





A FRAMEWORK FOR DEFENDING AGAINST PREFIX HIJACK ATTACKS

A Thesis by KRISHNA CHAITANYA TADI

Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE

Approved by:
Chair of Committee, Narasimha Reddy
Committee Members, Alexander Sprintson, Riccardo Bettati
Head of Department, Costas N. Georghiades

May 2009

Major Subject: Computer Engineering

ABSTRACT

A Framework for Defending against Prefix Hijack Attacks. (May 2009)
Krishna Chaitanya Tadi, B.E., Jawaharlal Nehru Technological University
Chair of Advisory Committee: Dr. Narasimha Reddy

Border Gateway Protocol (BGP) prefix hijacking is a serious problem in the Internet today. Although several services are offered to detect a prefix hijack, little work has been done to prevent a hijack or to continue providing network service during a prefix hijack attack. This thesis proposes a novel framework to provide defense against prefix hijacking, which can be offered as a service by Content Distribution Networks and large Internet Service Providers.

Our experiments revealed that the hijack success rate was reduced from 90.36% to 30.53% at Tier 2, from 84.65% to 10.98% at Tier 3 and from 82.45% to 8.39% at Tier 4, using Autonomous Systems (ASs) of Akamai as the Hijack Prevention Service Provider. We also observed that 70% of the data captured by the Hijack Prevention Service Provider (HPSP) can be routed back to the Victim. However, if we use tunneling, i.e. routing data to neighbors of the Victim, which in turn send the traffic to the Victim, we observed that data can be routed to the Victim 98.09% of the time. Also, the cost of such redirection is minimal, since the average increase in path length was observed to be 2.07 AS hops.

To my Parents

impact/resilience. Akamai, with its heavy presence in Tier 2, or major ISPs such as AT&T with a large AS presence in Tier 2 networks, can cause high impact in the case of a hijack. This is one of the major reasons to choose Akamai and AT&T for analyzing our framework.

Figure 10. Resilience/Impact of Nodes in Different Tiers [6]

Our prefix hijack threat model assumes the following:
(i) An attacker can hijack a TCP connection between peers.
(ii) An attacker can modify updates, delay or delete them.
(iii) An attacker can get access to or control of a BGP router and generate false advertisements of prefixes that it does not own, or generate non-authentic updates.

CHAPTER IV

PREFIX HIJACK INCIDENTS CASE STUDY

There have been several incidents of prefix hijacking due to router misconfiguration. RIPE [19] reports an incident involving prefix hijacking of YouTube on 24 February 2008. AS 36561 (Authentic AS) announces prefix 208.65.152.0/22 belonging to YouTube. Pakistan Telecom (AS 17557) which was trying to block YouTube in its ...
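The false-origin advertisements in item (iii) of the threat model can be flagged by comparing each announcement's origin AS with the expected origin of the prefix it matches or falls inside. The following is an added example, not code from the thesis: the prefix and AS numbers 36561 and 17557 come from the text above, while the table layout, function names and sample announcements (including the /24 and the documentation ASNs 64500 and 64501) are constructed assumptions.

```python
import ipaddress

# Prefix and origin AS as given in the thesis text; the table layout is an assumption.
EXPECTED_ORIGINS = {ipaddress.ip_network("208.65.152.0/22"): {36561}}

# Constructed sample announcements (prefix, AS path), not a record of the incident.
# 64500 and 64501 are documentation ASNs standing in for transit networks.
SAMPLE_UPDATES = [
    ("208.65.152.0/22", [64500, 36561]),   # legitimate origin
    ("208.65.152.0/22", [64501, 17557]),   # same prefix, different origin
    ("208.65.154.0/24", [64501, 17557]),   # more specific, different origin
    ("192.0.2.0/24", [64500]),             # not a monitored prefix
]


def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Classify one announcement against the expected-origin table."""
    if not as_path:
        raise ValueError("empty AS path")
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the last entry in the AS path
    for owned, origins in expected.items():
        if net.version != owned.version:
            continue
        if net == owned:
            return "ok" if origin in origins else "origin-mismatch"
        if net.subnet_of(owned):
            # A more specific prefix wins longest-prefix match, so a foreign
            # origin here attracts traffic even while the /22 is still announced.
            return "more-specific-ok" if origin in origins else "sub-prefix-hijack"
    return "unmonitored"


def scan(updates, expected=EXPECTED_ORIGINS):
    """Return (prefix, origin AS, verdict) for every announcement that needs an alert."""
    alerts = []
    for prefix, as_path in updates:
        verdict = classify(prefix, as_path, expected)
        if verdict in ("origin-mismatch", "sub-prefix-hijack"):
            alerts.append((prefix, as_path[-1], verdict))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_UPDATES):
        print(alert)
```

This check covers only origin conflicts; modified, delayed or deleted updates (item (ii)) leave the origin intact and need path-level validation instead.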




