Research On Inter-Domain Routing Hijacking And Its Countermeasures On The Internet

The Internet is composed of many autonomous systems.At present,these autonomous systems rely on the border gateway protocol(BGP)to ensure communication.Since the BGP protocol did not consider the security verification for the routing information carried in the design,which leads to the frequent routing anomaly-inter-domain routing hijacking with serious impacts.Inter-domain routing hijacking can forge or tamper with the routing information of BGP updates,attracting traffic from more autonomous systems.Consequently,it results in routing blackholes,makes traffic eavesdropped or modified or leads to serious network congestion or outage.In order to effectively defend routing hijackings and ensure the security of Internet communications,researchers have conducted some researches on hijacking defense.Some of them are standardized by the Internet Engineering Task Force(IETF).However,they also introduce some additional cost and maintenance overhead to autonomous systems,and disclose some network configurations.On the current Internet,they are faced with large deployment challenges.Thus they will be partly deployed for a long time.In this transition period,conducting more comprehensive research on inter-domain routing hijacking can help us to defend against and mitigate large-scale hijacking incident effectively,optimize the security mechanisms and accelerate the process of deployment.This article proposes a routing hijacking impact model,and conducts an in-depth analysis of the influences of routing hijackings and the secure routing mechanisms against them.On the one hand,for the direct influences and some indirect influences of routing hijacking,the external performance and internal mechanism of hijacking are analyzed respectively to reveal their possible security threats.On the other hand,we analyze the capabilities of the secure routing mechanism for security improvement and its impact on inter-domain routing stability to guide its progressive deployment strategy.In all,the main research contents and contributions of this article are summarized as follows:· We propose an Internet hierarchical model that comprehensively considers topological location and node connectivity to measure the ability of routing competition.With the help of the model,the threat capabilities of prefix hijacking and man-inthe-middle interception to autonomous systems are analyzed,especially the relationship between network hierarchy and threat capabilities;· We propose a topological structure named Conflict Point for analyzing the impact of hijacking on path length.Besides,we prove the conflict point theorem,which uses single-source routing to predict the impact of multi-source path inflation,revealing the potential effect of routing hijacking on the indirect polluted ASes.Finally,we extend the methodology to apply to optimize the early selection of AS-level anycast sites;· We propose a method to exploit covert attacks on inter-domain links based on route hijacking.The attack effects can be intensified with the technology of poisoned path.Moreover,we analyze the main nature of the inter-domain routing bottlenecks that are common on the Internet and the potential impact of such attack on them;· We propose a stability model of inter-domain security mechanism,i.e.Dispute Chain.Through this proposed structure,we analyze the path stability problems that may be caused when the security mechanism is partially deployed,and give specific analysis and deployment suggestions based on topological characteristics.In addition,the security improvement during partial deployment for some representative mechanisms is analyzed,including RPKI,BGPsec,FSBGP,Path-end verification and ASPA.