Ruwaifa Anwar

Type

Text

Type

Thesis

Advisor

Gill, Phillipa | Das, Samir | Polychronakis, Michalis.

Date

2016-12-01

Keywords

Computer science | BGP, Internet monitoring, Networks, Routing, Security

Department

Department of Computer Science

Language

en_US

Source

This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree.

Identifier

http://hdl.handle.net/11401/77233

Publisher

The Graduate School, Stony Brook University: Stony Brook, NY.

Format

application/pdf

Abstract

Models of Internet routing are critical for studies of Internet security, reliability and evolution, which often rely on simulations of the Internet’s routing system. Accurate models are difficult to build and suffer from a dearth of ground truth data, as ISPs often treat their connectivity and routing policies as trade secrets. In this environment, researchers rely on a number of simplifying assumptions and models proposed over a decade ago, which are widely criticized for their inability to capture routing policies employed in practice. This thesis makes the following two contributions: ◠Investigating Interdomain Routing Policies. First we put Internet topologies and models under the microscope to understand where they fail to capture real routing behavior. We measure data plane paths from thousands of vantage points, located in eyeball networks around the globe, and find that between 14-35% of routing decisions are not explained by existing models. We then investigate these cases, and identify root causes such as selective prefix announcement, misclassification of undersea cables, and geographic constraints. Our work highlights the need for models that address such cases, and motivates the need for further investigation of evolving Internet connectivity. ◠Detecting BGP hijacks and interceptions We develop a system to detect BGP hijacks and interceptions in near real-time. When BGP was designed, the security challenges were not kept in mind. BGP lacks techniques like path validation and origin verification, as a result malicious ASes can advertises prefixes they do not own and can redirect the traffic to themselves. This is called BGP hijacking. Similarly, malicious ASes can partake man in the middle attack by routing traffic to the legitimate owner of the prefixes after redirecting first to themselves. This type of attack is called man in the middle attack. We develop a system to observe BGP announcements and updates in real time. We use combination of heuristics based on control plane and data plane (targeted traceroutes data) to separate malicious BGP announcements from legitimate announcements,44 pages

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.