RAVEN | Routing Attack Vulnerability Evaluation for Networks

Summary
The Internet is a critical infrastructure that is composed of The Internet is a critical infrastructure that is composed of tens of thousands of networks and is required to work reliably 24/7. An integral functionality to achieve this is stable, efficient and secure routing of data traffic across several network domains. The current inter-domain routing protocol, BGP, facilitates the exchange of control-plane information (i.e., reachability of Internet resources over network paths) in a scalable and expressive manner; however, the lack of inherent security (e.g., authentication) mechanisms in its design frequently results in routing attacks. We focus on BGP prefix hijacking attacks, where a network, either due to malicious intent or because of a misconfiguration, advertises fraudulent/invalid information to the BGP routers of other networks; this information is propagated to the entire Internet, eventually leading to traffic being directed to invalid destinations (ending up dropped or intercepted and manipulated). Available proactive defenses are typically limited and inefficient. In our previous work, we have developed an advanced production-grade detection and mitigation tool that works reactively to counter these attacks. However, in practice, network operators cannot even measure how exposed their networks are to hijacking attempts, as well as their potential impact. In this project, we address exactly this need and aim to build a Proof of Concept (PoC) of a BGP hijacking vulnerability assessment service employing real-world experimentation, accurate simulations and realistic emulations. We aim to evaluate this PoC on at least two real networks, and refine its design using feedback from its future users, i.e., the network operators. We further plan to investigate key challenges towards the commercialization of such a service, namely estimating the costs for rolling out a global peering infrastructure that is needed, and defining the associated product offering.
Unfold all
/
Fold all
More information & hyperlinks
Web resources: https://cordis.europa.eu/project/id/875671
Start date: 01-07-2020
End date: 31-12-2021
Total budget - Public funding: - 150 000,00 Euro
Cordis data

Original description

The Internet is a critical infrastructure that is composed of The Internet is a critical infrastructure that is composed of tens of thousands of networks and is required to work reliably 24/7. An integral functionality to achieve this is stable, efficient and secure routing of data traffic across several network domains. The current inter-domain routing protocol, BGP, facilitates the exchange of control-plane information (i.e., reachability of Internet resources over network paths) in a scalable and expressive manner; however, the lack of inherent security (e.g., authentication) mechanisms in its design frequently results in routing attacks. We focus on BGP prefix hijacking attacks, where a network, either due to malicious intent or because of a misconfiguration, advertises fraudulent/invalid information to the BGP routers of other networks; this information is propagated to the entire Internet, eventually leading to traffic being directed to invalid destinations (ending up dropped or intercepted and manipulated). Available proactive defenses are typically limited and inefficient. In our previous work, we have developed an advanced production-grade detection and mitigation tool that works reactively to counter these attacks. However, in practice, network operators cannot even measure how exposed their networks are to hijacking attempts, as well as their potential impact. In this project, we address exactly this need and aim to build a Proof of Concept (PoC) of a BGP hijacking vulnerability assessment service employing real-world experimentation, accurate simulations and realistic emulations. We aim to evaluate this PoC on at least two real networks, and refine its design using feedback from its future users, i.e., the network operators. We further plan to investigate key challenges towards the commercialization of such a service, namely estimating the costs for rolling out a global peering infrastructure that is needed, and defining the associated product offering.

Status

CLOSED

Call topic

ERC-2019-POC

Update Date

27-04-2024
Images
No images available.
Geographical location(s)
Structured mapping
Unfold all
/
Fold all
Horizon 2020
H2020-EU.1. EXCELLENT SCIENCE
H2020-EU.1.1. EXCELLENT SCIENCE - European Research Council (ERC)
ERC-2019
ERC-2019-PoC