It bends but would it break? : topological analysis of BGP infrastructures in Europe

Frey, Sylvain Andre Francis and El Khatib, Yehia and Rashid, Awais and Szmagalska-Follis, Karolina and Vidler, John Edward and Race, Nicholas John Paul and Edwards, Christopher James (2016) It bends but would it break? : topological analysis of BGP infrastructures in Europe. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P) :. IEEE, pp. 423-438. ISBN 9781509017515

[thumbnail of EuroSnP]
Preview
PDF (EuroSnP)
EuroSnP.pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (1MB)

Abstract

The Internet is often thought to be a model of resilience, due to a decentralised, organically-grown architecture. This paper puts this perception into perspective through the results of a security analysis of the Border Gateway Protocol (BGP) routing infrastructure. BGP is a fundamental Internet protocol and its intrinsic fragilities have been highlighted extensively in the literature. A seldom studied aspect is how robust the BGP infrastructure actually is as a result of nearly three decades of perpetual growth. Although global black-outs seem unlikely, local security events raise growing concerns on the robustness of the backbone. In order to better protect this critical infrastructure, it is crucial to understand its topology in the context of the weaknesses of BGP and to identify possible security scenarios. Firstly, we establish a comprehensive threat model that classifies main attack vectors, including but non limited to BGP vulnerabilities. We then construct maps of the European BGP backbone based on publicly available routing data. We analyse the topology of the backbone and establish several disruption scenarios that highlight the possible consequences of different types of attacks, for different attack capabilities. We also discuss existing mitigation and recovery strategies, and we propose improvements to enhance the robustness and resilience of the backbone. To our knowledge, this study is the first to combine a comprehensive threat analysis of BGP infrastructures withadvanced network topology considerations. We find that the BGP infrastructure is at higher risk than already understood, due to topologies that remain vulnerable to certain targeted attacks as a result of organic deployment over the years. Significant parts of the system are still uncharted territory, which warrants further investigation in this direction.

Item Type:
Contribution in Book/Report/Proceedings
Additional Information:
©2016 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
ID Code:
77566
Deposited By:
Deposited On:
07 Jan 2016 13:02
Refereed?:
Yes
Published?:
Published
Last Modified:
23 Nov 2024 01:58