An Evaluation of Architectural Threats to Internet Routing

The Internet is an integral part of today’s way of life and a critical business infrastructure at the same time. Since its early beginnings, resilience has been embedded deeply into the fabric of Internet routing. It is highly resistant against random outages and, in theory, immune to major blackouts. To sustain this quality, routers constantly exchange network reachability information to identify cost-efficient routes and to re-route around failures. A distributed routing table updated by individual peers serves to disseminate the necessary information. In practice, this process lacks a reliable route validation scheme and is based on mutual trust. As a consequence, any Internet participant can, accidentially or deliberately, advertise false routes and globally attract traffic destined to arbitrary networks. In April 1997, a minor operating error committed by a small Internet service provider led to the first global Internet failure. Since then, much effort has been invested to study and prevent such accidential events. A huge body of related work emerged to detect and analyze attacks that aim to disrupt connectivity of individual networks. However, state-of-theart techniques focus on common attack scenarios and mostly neglect more sophisticated variants. Even though a comprehensive solution to secure Internet routing has been under development for nearly a decade, its completion and adoption is not yet on the horizon. In this thesis, we address research questions to evaluate the actual threat of routing attacks. We establish a solid background on Internet operations and derive a rigorous routing model to study different types of attacks. To close the detection gap in related work, we develop novel techniques that draw on a variety of data sources. More importantly, we apply these concepts under realistic conditions and assess the risk potential of different attacks in great detail. We learn that there is a real threat and conduct forensic case studies on specific incidents to put the results into perspective. Based on a rich set of lessons learned, we design a comprehensive framework to monitor the global routing system in real-time. The work presented with this thesis offers great potential for future development. It opens up new research directions towards a reliable mitigation of attacks and can support the development of a secure routing architecture for the Internet. At the same time, the presented routing model is of general nature and applicable to a broader area of research. This thesis may thus foster new and innovative techniques to analyze Internet routing. AN EVALUATION OF ARCHITECTURAL THREATS TO INTERNET ROUTING