A FRAMEWORK FOR DEFENDING AGAINST PREFIX HIJACK ATTACKS A Thesis by KRISHNA CHAITANYA TADI Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE May 2009 Major Subject: Computer EngineeringA FRAMEWORK FOR DEFENDING AGAINST PREFIX HIJACK ATTACKS A Thesis by KRISHNA CHAITANYA TADI Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE Approved by: Chair of Committee, Narasimha Reddy Committee Members, Alexander Sprintson Riccardo Bettati Head of Department, Costas N. Georghiades May 2009 Major Subject: Computer Engineeringiii ABSTRACT A Framework for Defending against Prefix Hijack Attacks. (May 2009) Krishna Chaitanya Tadi, B.E., Jawaharlal Nehru Technological University Chair of Advisory Committee: Dr. Narasimha Reddy Border Gateway Protocol (BGP) prefix hijacking is a serious problem in the Internet today. Although there are several services being offered to detect a prefix hijack, there has been little work done to prevent a hijack or to continue providing network service during a prefix hijack attack. This thesis proposes a novel framework to provide defense against prefix hijacking which can be offered as a service by Content Distribution Networks and large Internet Service Providers. Our experiments revealed that the hijack success rate reduced from 90.36% to 30.53% at Tier 2, 84.65% to 10.98% at Tier 3 and 82.45% to 8.39% at Tier 4 using Autonomous Systems (ASs) of Akamai as Hijack Prevention Service Provider. We also observed that 70% of the data captured by Hijack Prevention Service Provider (HPSP) can be routed back to Victim. However if we use tunneling, i.e. trying to route data to neighbors of Victims which in turn sends the traffic to Victims, we observed that data can be routed to Victim 98.09% of the time. Also, the cost of such redirection is minimal, since the average increase in path length was observed to be 2.07 AS hops.iv To my Parentsv ACKNOWLEDGEMENTS I would like thank my advisor, Dr. A. L. Narasimha Reddy, for accepting me into his research team. He has been an excellent guide and mentor throughout my research. I would also like to thank Dr. Alexander Sprintson and Dr. Riccardo Bettati for their willingness to serve in my committee. I will always be grateful to Dr. John D. Oswald for his efforts to provide me a Graduate Assistantship throughout my course of study at Texas A&M University. I would also like to thank my parents who have been a continuous source of encouragement throughout my thesis work. Finally, I would like to thank other members of Dr. Reddy‟s research group and staff of the Computer Engineering group who directly or indirectly contributed to and had an influence on my research.vi NOMENCLATURE ARIN American Registry for Internet Numbers AS Autonomous System ASN Autonomous System Number ASPP Autonomous System Path Prepending BGP Border Gateway Protocol CAIDA Cooperative Association for Internet Data Analysis CDN Content Distribution Networks CIDR Classless Inter Domain Routing EBGP External Border Gateway Protocol HPSP Hijack Prevention Service Provider IANA Internet Assigned Numbers Authority IBGP Interior Border Gateway Protocol ISP Internet Service Provider MOAS Multiple Origin Autonomous Systems OSPF Open Shortest Path First PHAS Prefix Hijack Alert System RIP Routing Information Protocol RIR Regional Internet Registries WHSR Weighted Hijack Success Ratevii TABLE OF CONTENTS Page ABSTRACT .............................................................................................................. iii DEDICATION .......................................................................................................... iv ACKNOWLEDGEMENTS ...................................................................................... v NOMENCLATURE .................................................................................................. vi TABLE OF CONTENTS .......................................................................................... vii LIST OF FIGURES ................................................................................................... ix LIST OF TABLES .................................................................................................... xi CHAPTER I INTRODUCTION ................................................................................ 1 II BGP ROUTING ................................................................................... 3 III PREFIX HIJACKING .......................................................................... 14 IV PREFIX HIJACK INCIDENTS CASE STUDY ................................. 21 V RELATED WORK ON PREFIX HIJACK DETECTION AND PREVENTION .................................................... 24 VI PROPOSED FRAMEWORK AND RESULTS .................................. 28 Model ............................................................................................. 28 Simulation Setup ............................................................................ 30 Results ............................................................................................ 32 Routing Data from HPSP to Victim ............................................... 44 VII CONCLUSION AND FUTURE WORK ............................................. 50 REFERENCES .......................................................................................................... 51viii Page VITA ......................................................................................................................... 55ix LIST OF FIGURES FIGURE Page 1 Inter Domain Versus Intra Domain Routing .............................................. 4 2 Typical BGP Routing Table ....................................................................... 5 3 BGP Metric Attribute [4]