ARTEMIS: Neutralizing BGP Hijacking Within a Minute

Border gateway protocol (BGP) prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches (ranging from RPKI to popular third-party services), none of them solves the problem adequately in practice. In fact, they suffer from: (i)...

Full description

Saved in:
Bibliographic Details
Published in:IEEE/ACM transactions on networking 2018-12, Vol.26 (6), p.2471-2486
Main Authors: Sermpezis, Pavlos, Kotronis, Vasileios, Gigis, Petros, Dimitropoulos, Xenofontas, Cicalese, Danilo, King, Alistair, Dainotti, Alberto
Format: Article
Language:English
Subjects:
Border gateway protocol (BGP) prefix hijacking
Digital media
Flexibility
Hijacking
IEEE transactions
Internet
Internet measurements
Internet routing
Monitoring
network security
Operators
Privacy
Protocols
Routing
Taxonomy
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Border gateway protocol (BGP) prefix hijacking is a critical threat to Internet organizations and users. Despite the availability of several defense approaches (ranging from RPKI to popular third-party services), none of them solves the problem adequately in practice. In fact, they suffer from: (i) lack of detection comprehensiveness, allowing sophisticated attackers to evade detection; (ii) limited accuracy, especially in the case of third-party detection; (iii) delayed verification and mitigation of incidents, reaching up to days; and (iv) lack of privacy and of flexibility in post-hijack counteractions, on the side of network operators. In this paper, we propose ARTEMIS, a defense approach (a) based on accurate and fast detection operated by the autonomous system itself, leveraging the pervasiveness of publicly available BGP monitoring services and their recent shift towards real-time streaming and thus (b) enabling flexible and fast mitigation of hijacking events. Compared to the previous work, our approach combines characteristics desirable to network operators, such as comprehensiveness, accuracy, speed, privacy, and flexibility. Finally, we show through real-world experiments that with the ARTEMIS approach, prefix hijacking can be neutralized within a minute.
ISSN:1063-6692
1558-2566
DOI:10.1109/TNET.2018.2869798