Current Status and Challenges of BGP Hijacking Security Threat

Current Status and Challenges of Responding to the BGP Hijacking Security Threat

  • Han, Wooyoung (Undergraduate Student, Web Programming, Korea Digital Media High School)
  • Hong, Yunseok (Undergraduate Student, Goyang-il High School)
  • Received : 2022.08.25
  • Accepted : 2022.09.30
  • Published : 2022.10.31

Abstract

BGP (Border Gateway Protocol) is a routing protocol that is actively used in inter-AS routing on the Internet. However, the BGP routing protocol is vulnerable to BGP hijacking attacks, which hijack the network by impersonating normal BGP sessions. BGP hijacking attacks can lead to interception of IP traffic or interference with normal service operation. Recently, BGP hijacking attacks, which have often occurred overseas, have also occurred in Korea, threatening the security of the Internet. In this paper, we analyze the overall process of an attack through representative attack cases and virtual scenarios of BGP hijacking. Based on the results of analyzing the application status of security technology to prevent BGP hijacking attacks by Korean and major global ISPs, we cover the technical measures that ISPs and autonomous system operators should take to defend against BGP hijacking attacks.

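BGP is a routing method widely used for communication between autonomous systems (AS) on the Internet. However, BGP routing is vulnerable to BGP hijacking attacks, which hijack a network by impersonating a legitimate BGP session. Through a hijacking attack, an attacker can eavesdrop on IP traffic or disrupt normal service. Recently, BGP hijacking attacks, which used to occur from time to time only overseas, have also occurred in Korea, threatening the security of the Internet. This paper analyzes the overall attack process through BGP hijacking cases and a virtual attack scenario, and, based on an analysis of the current state of security technologies for defending against hijacking attacks and of how domestic and overseas ISPs apply BGP security technologies, covers the technical measures that ISPs and autonomous system operators should take to defend against BGP hijacking attacks.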

Keywords
