PH.D DEFENCE - PUBLIC SEMINAR

Handling Network Attacks Exploiting Routing Information Asymmetries

Speaker
Mr Tran Duc Muoi
Advisor
Dr Liang Zhenkai, Associate Professor, School of Computing


08 Feb 2022 Tuesday, 02:00 PM to 03:30 PM

Zoom presentation

Abstract:

The Internet layer has always been an attractive attack surface. In particular, network attacks often exploit specific routing information obtained from the operations of the de facto standard Internet protocols (i.e., IP and BGP) to ultimately target protocols in other layers. In such attacks, adversaries have asymmetric advantages in routing information, e.g., more accurate routing information or faster route-learning capability than the targeted systems. Unfortunately, a routing information asymmetry can create an imbalance of capability between an adversary and a victim system, often making it impossible to defend against the attacks with existing network countermeasures alone. Identifying exploitable routing information asymmetries in order to proactively mitigate the attacks is, therefore, crucial.

In this dissertation, we present two powerful network attacks that exploit subtle routing information asymmetries and discuss how to handle them. First, we present an adaptive link-flooding attack against the state-of-the-art rerouting-based link-flooding defense. A recently proposed rerouting-based defense enables a target network to mitigate link-flooding attacks by allowing it to dynamically control its inbound traffic routes and avoid any congested link on the Internet. We show, however, that an adaptive link-flooding adversary can quickly discover the victim-created detour path in real time and immediately congest it again. The collected routing information offers the adversary an asymmetric advantage because the same information becomes available to the victim only after several minutes of delay, rendering prompt defensive actions difficult.

Second, we present a stealthy partitioning attack against the Bitcoin peer-to-peer network, which can be launched by network adversaries, such as malicious ISPs. In this attack, an adversary creates a large number of Sybil identities and uses them to slowly partition a targeted Bitcoin node. Those Sybil identities are the result of a routing information asymmetry, in which the adversary can learn the routing paths from the victim while existing Bitcoin nodes cannot. We show that major network adversaries (e.g., top-100 ISPs) can mount successful attacks against the vast majority of Bitcoin nodes.

Finally, we present a cross-layer defense strategy against the presented novel Bitcoin partitioning attack as an example of handling network attacks exploiting routing information asymmetries. In particular, we incorporate selected Internet routing information into a fine-tuned peering algorithm of the Bitcoin application and show that this cross-layer defense approach is highly effective in mitigating the presented attacks.