QUICK REVIEW

[Paper Review] An Internet-Scale Feasibility Study of BGP Poisoning as a Security Primitive.

Jared M. Smith, Kyle Birkeland|arXiv (Cornell University)|Nov 8, 2018
Network Security and Intrusion Detection|16 references|3 citations
TL;DR

This paper conducts an Internet-scale empirical study of BGP poisoning as a security primitive, measuring over 1,400 real-world instances across thousands of ASes to evaluate path steering feasibility. It reveals that real-world BGP poisoning behavior diverges from simulated models, exposes vulnerabilities across AS types, and establishes predictive models and path-length bounds critical for future security research.

ABSTRACT

The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at an AS-level. Given the increase in BGP poisoning usage as a security primitive, we set out to evaluate poisoning feasibility in practice beyond simulation. To that end, using an Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We analyze in detail the performance of steering paths, the graph-theoretic aspects of available paths, and re-evaluate simulated systems with this data. We find that the real-world evidence does not completely support the findings from simulated systems published in the literature. We also analyze filtering of BGP poisoning across types of ASes and ISP working groups. We explore the connectivity concerns when poisoning by reproducing a decade old experiment to uncover the current state of an Internet triple the size. We build predictive models for understanding an ASes' vulnerability to poisoning. Finally, an exhaustive measurement of an upper bound on the maximum path length of the Internet is presented, detailing how security research should react to ASes leveraging poisoned long paths. In total, our results and analysis expose the real-world impact of BGP poisoning on past and future security research.

Motivation & Objective

  • To evaluate the real-world feasibility of BGP poisoning as a security primitive beyond simulation-based studies.
  • To understand how BGP poisoning influences return path selection in production Internet routing.
  • To assess the impact of filtering policies and ISP group practices on BGP poisoning propagation.
  • To measure the current state of Internet connectivity and path diversity using a decade-old experiment framework.
  • To build predictive models for AS vulnerability to BGP poisoning and establish upper bounds on path length.

Proposed method

  • Deployed an Internet-scale measurement infrastructure to capture and analyze over 1,400 BGP poisoning instances across thousands of Autonomous Systems (ASes).
  • Collected and analyzed BGP update streams to reconstruct path steering behavior and evaluate performance of alternative return paths.
  • Applied graph-theoretic analysis to model available path topologies and assess structural properties of poisoned routes.
  • Reproduced a decade-old experiment to assess current Internet connectivity and path diversity, now at triple the scale.
  • Developed predictive models to estimate an AS’s vulnerability to BGP poisoning based on topological and policy characteristics.
  • Measured the maximum path length in the Internet to establish an upper bound for security research involving long poisoned paths.

Experimental results

Research questions

  • RQ1: How feasible is BGP poisoning in real-world Internet deployments compared to simulated environments?
  • RQ2: What are the performance characteristics and reliability of BGP poisoning for steering return paths?
  • RQ3: How do different types of ASes and ISP working groups filter or respond to BGP poisoning attempts?
  • RQ4: What is the current state of Internet connectivity and path diversity, particularly in terms of long paths?
  • RQ5: To what extent can AS vulnerability to BGP poisoning be predicted using topological and policy-based features?

Key findings

  • Real-world BGP poisoning behavior does not fully align with findings from simulated systems, indicating that prior simulations may overestimate or misrepresent practical feasibility.
  • A significant number of ASes remain vulnerable to BGP poisoning, with filtering practices varying widely across ISP groups and AS types.
  • The maximum observed path length in the Internet exceeds previous estimates, suggesting that long poisoned paths are a realistic concern for security research.
  • Predictive models for AS vulnerability to BGP poisoning achieve measurable accuracy, enabling identification of high-risk networks.
  • Reproduction of a decade-old experiment reveals that the Internet has tripled in size, with increased path diversity and complexity affecting poisoning outcomes.
  • Connectivity concerns persist when poisoning is used to route traffic over long or suboptimal paths, particularly in the presence of routing policy constraints.
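
How the filtering and long-path findings map onto an import-policy check, as an added example (not code from the paper or from this review). It relies on background not spelled out on this page: a poisoned announcement carries the ASes to be avoided between two copies of the origin's ASN, and those ASes discard it through ordinary loop detection. The function names, the 30-hop limit and the sample paths are assumptions.

```python
# Added illustration; ASNs are from the RFC 5398 documentation range and
# every path below is constructed, not taken from the paper's data.
MAX_PATH_LEN = 30  # assumed local policy limit, not a value from the paper


def collapse_prepends(path):
    """Merge consecutive repeats so ordinary prepending is not mistaken for poisoning."""
    hops = []
    for asn in path:
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops


def poisoned_asns(path):
    """Return ASNs sandwiched between two occurrences of the origin AS.

    The path is ordered nearest neighbour first, origin last.
    """
    hops = collapse_prepends(path)
    if not hops:
        return []
    origin = hops[-1]
    first = hops.index(origin)
    return [asn for asn in hops[first + 1:-1] if asn != origin]


def loop_rejects(local_asn, path):
    """Standard BGP loop detection: drop a route whose AS_PATH contains our own ASN."""
    return local_asn in path


def audit(path, max_len=MAX_PATH_LEN):
    """Return the policy flags an import filter would raise for this AS_PATH."""
    flags = []
    if poisoned_asns(path):
        flags.append("poisoned")
    if len(path) > max_len:  # raw length, prepends included
        flags.append("too-long")
    return flags


SAMPLES = {  # constructed AS_PATHs
    "plain": [64496, 64497, 64500],
    "prepended": [64496, 64500, 64500, 64500],
    "poisoned": [64496, 64500, 64510, 64511, 64500],
    "long": [64496] + [64500] * 40,
}

if __name__ == "__main__":
    for name, path in SAMPLES.items():
        print(name, audit(path), poisoned_asns(path))
```

The check ignores AS_SET segments and treats any non-contiguous repeat of the origin as poisoning, so a production filter would need to handle both before acting on the flag.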

This review was created by AI and reviewed by human editors.