BGP is the Border Gateway Protocol. It is the protocol used to carry the best paths for sending data across autonomous systems (ASes). An autonomous system is a group of IP routing prefixes under the administrative control of a network operator and treated as a single routing entity by the Internet[1].
BGP hijacking, briefly, is a critical security threat to the Internet routing protocol. In BGP hijacking, an adversary seizes control of aggregates of IP addresses by compromising Internet routing tables. The attacker achieves this by issuing a fraudulent BGP announcement claiming ownership of IP prefixes (aggregates of IP addresses) it does not own[2].
This is equivalent to stealing road signs to send traffic to the wrong location. BGP hijacking can have serious consequences. An attacker can divert traffic through malicious routers and inspect or inject malicious data, leading to theft of service, theft of data, and other security compromises. Several security techniques can be used to reduce BGP hijacking risk[1]. One of these is Resource Public Key Infrastructure (RPKI), which uses cryptographically secured certificates to verify the legitimate ownership of blocks of IP addresses. RPKI is not widely used yet; until it is more widely adopted, BGP hijacking remains a risk[2].
The motivations behind BGP hijacking are varied and can range from benign misconfigurations to malicious intent by rerouting traffic, data manipulation, or service denial. Attackers can eavesdrop on sensitive data, which could include secrets and personal information. BGP hijacking has the potential to inundate a service with traffic, resulting in a denial of service by taking it offline and disrupting operations. Furthermore, it enables attackers to eavesdrop on communications without the sender and recipient's knowledge. Once in command of the traffic, attackers can manipulate the transmitted or received data, potentially for malicious purposes such as injecting malware, falsifying data, or corrupting information[1][2].
Real-world incidents where BGP hijacking has caused disruptions
Pulling off a successful BGP hijack attack is no easy feat, but having the backing of a complicit and preferably large-scale ISP can make it much more achievable. These days, most BGP hijacks are orchestrated by government agencies or large transnational criminal organizations that have sway over strategically positioned ISPs[3]. Incidents can be caused by mistakes in routing configuration or, more seriously, by deliberate action. For example:
· Pakistan Telecom hijacking:
In 2008, the Tier 1 AS for Pakistan accidentally hijacked all YouTube traffic for several hours when administrators made routing mistakes while attempting to censor a clip considered non-Islamic[3].
· China Telecom’s BGP hijacking:
China Telecom has been accused of using its network infrastructure in North America to redirect US and cross-US internet traffic to China. According to Demchak and Shavitt [3], this involved rerouting traffic over extended periods of time. On April 8th, 2010, something unprecedented happened: China Telecom hijacked a staggering 15% of the Internet's traffic for 18 minutes. This incident raised suspicions of it being a massive experiment to control traffic flows. The repercussions were far-reaching, affecting regular web traffic and disrupting specific routes to U.S. government and military websites with domains ending in '.gov' and '.mil'.
· Route53 Amazon DNS servers hijacking:
In April 2018, a Russian provider made a shocking announcement: it claimed IP addresses belonging to Amazon's Route53 DNS servers. This led to a major security breach, with users trying to access a cryptocurrency site being redirected to a fake version of the website set up by the attackers. A whopping $152,000 worth of cryptocurrency was stolen. The attackers achieved this by hijacking Amazon DNS queries through BGP manipulation, essentially rerouting traffic to servers they controlled. This devious tactic allowed them to return the wrong IP address for myetherwallet.com and direct unsuspecting users to the counterfeit website. About 1,300 IP addresses were rerouted, allowing the attackers to steal cryptocurrency from users of the MyEtherWallet service[4].
How an attacker can perform BGP hijacking
BGP man-in-the-middle (MITM) attacks are a serious threat. These attacks occur when a malicious actor intercepts BGP messages between routers and manipulates the routing information. By impersonating a legitimate AS, the attacker can redirect traffic, eavesdrop on communication, or inject harmful content into the network.
These nefarious activities pose significant risks, including unauthorized access to sensitive information and compromised network integrity. The diagram below shows BGP hijacking; the blue arrows show the user's path, and the black arrows show the attacker's.
Diagram 1: BGP Hijacking
The attacker can intercept, manipulate, or block this traffic, and the diagram above shows each of these cases. First, at 1, the attacker intercepts the communication; second, at 2, the attacker blocks the traffic; third, in traffic manipulation at 3, the attacker establishes BGP peering with a legitimate AS, after which the legitimate routers start forwarding traffic to the attacker's addresses.
To significantly reduce the risk of BGP hijacks, it's crucial to enhance the security of your network infrastructure and minimize your attack surface. This proactive approach plays a key role in safeguarding your network from potential threats, and it can take the following forms:
The first is to implement RPKI, a cryptographic framework that uses digital signatures to create Route Origin Authorizations (ROAs), binding IP address prefixes to specific Autonomous Systems. Routers rely on authorized ROAs to verify the authenticity of BGP route announcements, preventing the propagation of unauthorized or invalid routes. Moreover, implementing BGP Security (BGPsec) acts like a security shield for BGP, ensuring that the routing information a router receives is legitimate. Adding cryptographic signatures to BGP messages validates the origin and path of BGP updates, ensuring that routers and network entities only accept secure and reliable routing information[5].
Implementing BGP route refresh is also valuable: it allows BGP routers to update their routing tables without closing and reestablishing BGP sessions. This means improved network stability, reduced impact of misconfigurations, and enhanced integrity of the BGP routing infrastructure. With BGP route refresh, operators can dynamically refresh routing information between BGP peers, ensuring uninterrupted operations. Additionally, it allows for quick correction of misconfigured routes, significantly minimizing the risk of routing leaks and upholding a secure BGP environment[5].
Securing authentication and session establishment is vital to keep BGP routers and network entities safe from unauthorized access. Admins should enforce strict policies, such as avoiding password reuse and enabling multi-factor authentication (MFA) for added protection. Cryptographic algorithms such as MD5 or SHA-256 can be used to verify the identity of BGP peers. Regularly updating authentication keys and using IPsec or TLS further enhances security, ensuring the confidentiality and integrity of communication. These measures are essential to keep your network safe and secure[5].
Furthermore, protecting your network from unauthorized route advertisements is crucial. By using prefix filtering and route validation, you can set strict policies to accept only legitimate routes based on various criteria. This adds a safeguard to BGP routers, reducing the risk of unintended or malicious route propagation. For example, you can block route announcements from specific AS numbers to ensure they don't propagate across your network. Regularly validating received routes against authorized ROAs adds an extra layer of protection, ensuring that only valid routes are allowed and unauthorized ones are dropped before they can cause any harm[5].
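The ROA validation described in the RPKI paragraph and the prefix filtering described just above, worked through as an added example (not code from the original article or from any cited vendor): a small route origin validator following the RFC 6811 "valid / invalid / not found" outcomes, combined with an import policy that also drops paths through operator-blocked AS numbers. The ROAs, prefixes (documentation ranges) and AS numbers (private range) are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorization: prefix, maxLength and authorized origin AS."""
    prefix: str
    max_length: int
    asn: int

def rov_state(announced_prefix: str, origin_asn: int, roas) -> str:
    """RFC 6811 origin validation outcome: 'valid', 'invalid' or 'not-found'."""
    announced = ipaddress.ip_network(announced_prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version != announced.version or not announced.subnet_of(roa_net):
            continue
        covered = True  # a ROA covers this prefix, so it must match one to be valid
        if roa.asn == origin_asn and announced.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"

def accept_route(prefix: str, as_path, roas, blocked_asns=frozenset()):
    """Import policy: reject blocked ASNs and RPKI-invalid origins; returns (accepted, reason)."""
    if not as_path:
        return False, "empty-as-path"
    if any(asn in blocked_asns for asn in as_path):
        return False, "blocked-asn"
    state = rov_state(prefix, as_path[-1], roas)  # origin AS is the last hop of AS_PATH
    if state == "invalid":
        return False, "rpki-invalid"
    return True, state  # 'valid', or 'not-found' (accepted but unverified)

# Constructed sample data: documentation prefixes and private ASNs, not real operators.
ROAS = [ROA("203.0.113.0/24", 24, 64500), ROA("198.51.100.0/22", 24, 64501)]
UPDATES = [
    ("203.0.113.0/24", [64510, 64500]),   # legitimate origin
    ("203.0.113.0/25", [64510, 64666]),   # more-specific from a foreign AS: hijack pattern
    ("198.51.100.0/24", [64501]),         # within maxLength of the covering ROA
    ("192.0.2.0/24", [64520, 64502]),     # no ROA exists for this prefix
    ("198.51.100.0/23", [64530, 64501]),  # path through an operator-blocked AS
]

def evaluate(updates=UPDATES, roas=ROAS, blocked_asns=frozenset({64530})):
    return [(p, *accept_route(p, path, roas, blocked_asns)) for p, path in updates]
if __name__ == "__main__":
    for prefix, accepted, reason in evaluate():
        print(f"{prefix:18} {'ACCEPT' if accepted else 'REJECT':6} {reason}")
```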
IPsec is a collection of protocols and mechanisms designed to provide confidentiality, authentication, message integrity, and replay detection at the IP layer. It aims to ensure secure communication across IP networks by offering cryptographic security services[6]. While IPsec can enhance the security of data packets in transit through encryption and authentication, it does not directly tackle BGP hijacking, which occurs when IP prefixes are illegitimately announced, misdirecting traffic at the routing level[5].
As mentioned above, IPsec enhances the security of data during transit and can help secure BGP sessions from interception. However, it does not provide protection against the dissemination of false routing information associated with BGP hijacking. For comprehensive defense against BGP hijacking, it is advisable to employ a combination of RPKI, BGPsec, and best practices in network management.
Mechanisms like RPKI and BGPsec are essential in ensuring the security of network protocols. RPKI validates the ownership of IP prefixes to ensure that only legitimate prefixes are advertised. Meanwhile, BGPsec enhances the security of BGP updates by employing digital signatures to protect their path.
Conclusion
BGP, as a fundamental protocol for the internet, faces various security vulnerabilities, including BGP hijacking. These attacks can result in severe consequences such as traffic redirection, service disruptions, data interception, denial-of-service attacks, and even national security risks.
To effectively combat BGP hijacks, organizations should employ proactive measures such as route monitoring, anomaly detection, BGP path analysis, and collaborative detection initiatives. Furthermore, implementing RPKI and BGPsec, establishing prefix filtering, and utilizing strong authentication methods can significantly bolster the overall security of a BGP infrastructure. It's important to note that BGP hijacking can also be leveraged to orchestrate denial-of-service attacks by inundating a service with excessive traffic, as well as for espionage and data manipulation purposes.
References
[1] L. Mastilak, M. Galinski, P. Helebrandt, I. Kotuliak, and M. Ries, “Enhancing Border Gateway Protocol Security Using Public Blockchain,” Sensors, vol. 20, no. 16, p. 4482, Aug. 2020, doi: 10.3390/s20164482.
[2] S. Cho, R. Fontugne, K. Cho, A. Dainotti, and P. Gill, “BGP hijacking classification,” 2019 Network Traffic Measurement and Analysis Conference (TMA), Jun. 2019, doi: 10.23919/tma.2019.8784511.
[3] C. Demchak and Y. Shavitt, “China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking,” Military Cyber Affairs, vol. 3, no. 1, Jun. 2018, doi: 10.5038/2378-0789.3.1.1050.
[4] “Connect, Protect and Build Everywhere | Cloudflare.” https://www.cloudflare.com
[5] “What is BGP Hijacking? | How to detect & Avoid BGP Hijacks,” Site24x7. https://www.site24x7.com/learn/bgp-hijacking.html
[6] M. A. Bishop, Computer Security: Art and Science, 2nd ed. Addison-Wesley Professional, 2003.