[论文解读] An Internet-Scale Feasibility Study of BGP Poisoning as a Security Primitive.
本文对 BGP 毒化作为安全原原子进行了大规模互联网实证研究,测量了跨数千个自治系统(AS)的超过 1,400 个真实世界实例,以评估路径引导的可行性。研究发现,现实世界中的 BGP 毒化行为与仿真模型存在差异,暴露了各类 AS 类型中的漏洞,并建立了对未来安全研究至关重要的预测模型和路径长度上限。
The security of the Internet's routing infrastructure has underpinned much of the past two decades of distributed systems security research. However, the converse is increasingly true. Routing and path decisions are now important for the security properties of systems built on top of the Internet. In particular, BGP poisoning leverages the de facto routing protocol between Autonomous Systems (ASes) to maneuver the return paths of upstream networks onto previously unusable, new paths. These new paths can be used to avoid congestion, censors, geo-political boundaries, or any feature of the topology which can be expressed at an AS-level. Given the increase in BGP poisoning usage as a security primitive, we set out to evaluate poisoning feasibility in practice beyond simulation. To that end, using an Internet-scale measurement infrastructure, we capture and analyze over 1,400 instances of BGP poisoning across thousands of ASes as a mechanism to maneuver return paths of traffic. We analyze in detail the performance of steering paths, the graph-theoretic aspects of available paths, and re-evaluate simulated systems with this data. We find that the real-world evidence does not completely support the findings from simulated systems published in the literature. We also analyze filtering of BGP poisoning across types of ASes and ISP working groups. We explore the connectivity concerns when poisoning by reproducing a decade old experiment to uncover the current state of an Internet triple the size. We build predictive models for understanding an ASes' vulnerability to poisoning. Finally, an exhaustive measurement of an upper bound on the maximum path length of the Internet is presented, detailing how security research should react to ASes leveraging poisoned long paths. In total, our results and analysis expose the real-world impact of BGP poisoning on past and future security research.
研究动机与目标
- 评估 BGP 毒化作为安全原原子在真实世界部署中的可行性,超越基于仿真的研究。
- 理解 BGP 毒化在实际互联网路由中对返回路径选择的影响。
- 评估过滤策略和 ISP 团体实践对 BGP 毒化传播的影响。
- 使用十年历史的实验框架,测量当前互联网连接性和路径多样性状态。
- 构建预测模型以评估 AS 对 BGP 毒化的脆弱性,并确立路径长度的上限。
提出的方法
- 部署大规模互联网测量基础设施,捕获并分析跨数千个自治系统(AS)的超过 1,400 个 BGP 毒化实例。
- 收集并分析 BGP 更新流,以重建路径引导行为,并评估备选返回路径的性能。
- 应用图论分析,对可用路径拓扑建模,并评估污染路由的结构性质。
- 重现一项十年前的实验,以评估当前互联网的连接性和路径多样性,规模现已扩大三倍。
- 开发预测模型,基于拓扑和策略特征估算 AS 对 BGP 毒化的脆弱性。
- 测量互联网中的最大路径长度,以确立涉及长路径污染的安全研究的上限。
实验结果
研究问题
- RQ1与仿真环境相比,BGP 毒化在真实世界互联网部署中的可行性如何?
- RQ2BGP 毒化在引导返回路径方面的性能特征和可靠性如何?
- RQ3不同类型的 AS 和 ISP 工作组如何过滤或响应 BGP 毒化尝试?
- RQ4当前互联网的连接性和路径多样性状态如何,特别是长路径方面?
- RQ5能否通过拓扑和策略特征,有效预测 AS 对 BGP 毒化的脆弱性?
主要发现
- 现实世界中的 BGP 毒化行为与仿真系统中的发现不完全一致,表明先前的仿真可能高估或错误描述了实际可行性。
- 大量 AS 仍对 BGP 毒化保持脆弱,其过滤实践在不同 ISP 团体和 AS 类型之间存在显著差异。
- 互联网中观察到的最大路径长度超过先前估计,表明长路径污染是安全研究中一个现实存在的风险。
- 基于拓扑和策略特征的 AS 毒化脆弱性预测模型具有可测量的准确性,可识别高风险网络。
- 重现十年前的实验表明,互联网规模已扩大三倍,路径多样性与复杂性增加,影响了毒化结果。
- 当使用 BGP 毒化将流量引导至长路径或次优路径时,连接性问题依然存在,尤其是在存在路由策略约束的情况下。
更好的研究,从现在开始
从论文设计到论文写作,大幅缩短您的研究时间。
无需绑定信用卡
本解读由 AI 生成,并经人工编辑审核。