Finding Vulnerable Network Gadgets in the Internet Topology
Author: Nir Amar
Supervisor: Dr. Gabi Nakibly

Background
- The Internet is composed of some 50,000 autonomous systems (ASes).
- An AS is a collection of networks and routers which are administered by a single authority, i.e., an ISP, a large corporation or a university.
- The routing between the different ASes is done using a protocol called BGP.

BGP and Relationships
- BGP exchanges network reachability information with other BGP systems.
- Customer → Provider relation – the customer pays the provider for traffic on the link.
- Peer-to-Peer relation – the link is intended for traffic between two neighbors and their customers.
- Local Preference – prefer outgoing paths where the next hop is a customer over a peer over a provider. (Shortest Paths, Tie Breaking)

Import, Routing and Export policies
- Upon receiving a route update for a given set of subnets, an AS needs to decide whether to accept this update (import policy).
- If the update is accepted, it needs to decide whether to use the proposed route (routing policy).
- If this path is chosen for routing, it needs to determine whether to propagate the update to the neighboring ASes (export policy).

How Secure are Secure Interdomain Routing Protocols?
Authors: Sharon Goldberg, Michael Schapira, Peter Hummon and Jennifer Rexford.
- Intuition – Shortest Path, Export All
- Counter-Intuitive Attacks
  - Attract More by Announcing Longer Paths
  - Attract More by Exporting to Fewer Neighbors

Goal
Attacking BGP

BGP Attacks Classification
- Attraction – attract traffic.
- Interception – eavesdrop or tamper with traffic before forwarding it on to the legitimate destination.
[Figure: Src, Middle, Dst]

Quantifying the impact of attacks
- Attraction – Shortest Path, Export All
- Interception – Shortest Path, Export All, with Connectivity.
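The policy model above, and the way the impact of a "Shortest Path, Export All" announcement is counted, can be sketched as follows. This is an added example, not code from the presentation: the topology and AS numbers are constructed, the export rule (routes learned from a peer or provider are passed on to customers only) is an assumption in the spirit of the relationships described above, and the names `converge` and `via` are hypothetical.

```python
# Added example: toy BGP policy model on a constructed topology (AS numbers are made up).
CUST, PEER, PROV = 0, 1, 2          # local preference rank of the next hop (lower wins)

# (a, b, kind): "c2p" means a is a customer of b; "p2p" means a and b are peers.
LINKS = [(10, 20, "c2p"), (20, 30, "c2p"), (66, 30, "c2p"),
         (66, 40, "c2p"), (50, 40, "c2p"), (30, 40, "p2p")]

def neighbors(links):
    nbr = {}
    for a, b, kind in links:
        nbr.setdefault(a, {})[b] = PROV if kind == "c2p" else PEER
        nbr.setdefault(b, {})[a] = CUST if kind == "c2p" else PEER
    return nbr

def converge(links, origins):
    """origins: {AS: announced path}. Returns {AS: (class the route was learned from, path)}."""
    nbr = neighbors(links)
    best = {a: (CUST, tuple(p)) for a, p in origins.items()}  # own routes export like customer routes
    changed = True
    while changed:                   # converges on this constructed topology
        changed = False
        for u in sorted(nbr):
            if u in origins:
                continue
            cands = []
            for v, cls in nbr[u].items():
                if v not in best:
                    continue
                vcls, vpath = best[v]
                if vcls != CUST and nbr[v][u] != CUST:
                    continue         # export policy (assumed): peer/provider routes go to customers only
                if u in vpath:
                    continue         # import policy: reject paths that already contain u
                cands.append((cls, len(vpath) + 1, v, (u,) + vpath))
            # routing policy: local preference, then shortest path, then lowest next-hop AS
            top = min(cands) if cands else None
            new = (top[0], top[3]) if top else None
            if best.get(u) != new:
                changed = True
                if new:
                    best[u] = new
                else:
                    best.pop(u, None)
    return best

def via(best, asn):
    """ASes whose chosen path to the destination traverses asn."""
    return sorted(a for a, (_, p) in best.items() if asn in p[1:])

if __name__ == "__main__":
    print(via(converge(LINKS, {10: (10,)}), 66))                # only AS 10 originates the route
    print(via(converge(LINKS, {10: (10,), 66: (66, 10)}), 66))  # AS 66 also announces a one-hop path
```

In the second run AS 30 keeps its legitimate route because both candidates are customer routes of equal length and the tie-break favors next hop 20, which shows how much the measured impact depends on the routing policy.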
Overall Sequence
- User parameters: Topology and Attack
- Simulate BGP using the SW model
- Assert (Non-deterministic Attack < Intuitive Attack)
- ExpiSat
- Counter-intuitive attack
- Findings and Results

Topology Generation
- Time and memory consuming
- Two non-deterministic decisions:
  - How many ASes are in the topology?
  - What is the relation between each pair of ASes?
- Characteristics for reducing the topology size
- $O(4^{V^2})$

Topology Generation – Example
[Figure: topology diagram with the Victim and Attacker ASes]

Interception Attack – Intuitive
[Figure: topology diagram with the Victim and Attacker ASes]

Interception Attack – Counter-Intuitive
[Figure: topology diagram with the Victim and Attacker ASes]

Attack Generation – Interception Attack On Non-Deterministic Topology
[Figure: topology diagram with the Victim and Attacker ASes]

Attraction Attack – Intuitive
[Figure: topology diagram with the Victim and Attacker ASes]

Note
- The topology and the attack creation are unrelated!
- A user who has a particular topology and wants to find a counter-intuitive attack on it can do so; the software allows this.
- The same holds for a user who has a specific attack (for example, a shortest-path, export-all attack) and would like to test it on several topologies.

Conclusion
- Find gadgets and appropriate "smart / counter-intuitive" attacks using a software verification tool.
- Generating non-deterministic topologies: succeeded in generating topologies (up to size 5-6) within my memory constraints.
- Generating non-deterministic attacks.

The End.