
SICO: Surgical Interception Attacks by Manipulating BGP Communities

Author(s): Birge-Lee, Henry; Wang, Liang; Rexford, Jennifer; Mittal, Prateek

To refer to this page use: http://arks.princeton.edu/ark:/88435/pr1v559
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Birge-Lee, Henry | - |
| dc.contributor.author | Wang, Liang | - |
| dc.contributor.author | Rexford, Jennifer | - |
| dc.contributor.author | Mittal, Prateek | - |
| dc.date.accessioned | 2021-10-08T19:51:25Z | - |
| dc.date.available | 2021-10-08T19:51:25Z | - |
| dc.date.issued | 2019 | en_US |
| dc.identifier.citation | Birge-Lee, Henry, Liang Wang, Jennifer Rexford, and Prateek Mittal. "SICO: Surgical Interception Attacks by Manipulating BGP Communities." In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (2019): pp. 431-448. doi:10.1145/3319535.3363197 | en_US |
| dc.identifier.uri | http://arks.princeton.edu/ark:/88435/pr1v559 | - |
| dc.description.abstract | The Border Gateway Protocol (BGP) is the primary routing protocol for the Internet backbone, yet it lacks adequate security mechanisms. While simple BGP hijack attacks only involve an adversary hijacking Internet traffic destined to a victim, more complex and challenging interception attacks require that adversary intercept a victim's traffic and forward it on to the victim. If an interception attack is launched incorrectly, the adversary's attack will disrupt its route to the victim making it impossible to forward packets. To overcome these challenges, we introduce SICO attacks (Surgical Interception using COmmunities): a novel method of launching interception attacks that leverages BGP communities to scope an adversary's attack and ensure a route to the victim. We then show how SICO attacks can be targeted to specific source IP addresses for reducing attack costs. Furthermore, we ethically perform SICO attacks on the real Internet backbone to evaluate their feasibility and effectiveness. Results suggest that SICO attacks can achieve interception even when previously proposed attacks would not be feasible and outperforms them by attracting traffic from an additional 16% of Internet hosts (worst case) and 58% of Internet hosts (best case). Finally, we analyze the Internet topology to find that at least 83% of multi-homed ASes are capable of launching these attacks. | en_US |
| dc.format.extent | 431 - 448 | en_US |
| dc.language.iso | en_US | en_US |
| dc.relation.ispartof | Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security | en_US |
| dc.rights | Final published version. This is an open access article. | en_US |
| dc.title | SICO: Surgical Interception Attacks by Manipulating BGP Communities | en_US |
| dc.type | Conference Article | en_US |
| dc.identifier.doi | 10.1145/3319535.3363197 | - |
| pu.type.symplectic | http://www.symplectic.co.uk/publications/atom-terms/1.0/conference-proceeding | en_US |

Files in This Item:
| File | Description | Size | Format |
|---|---|---|---|
| Sico.pdf | | 1.51 MB | Adobe PDF |


Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.