The Real Incentives of Routing Manipulation

By Pablo Moriano Salazar, Ph.D. Student

BGP is the glue that holds the Internet together. Subnetworks called autonomous systems (ASes) use BGP to exchange reachability paths to the groups of IP addresses that they own. The protocol was designed without authentication mechanisms, so ASes can claim address space even when they do not own it. This fundamental problem makes BGP manipulation a prominent attack vector for different purposes.

Too little is understood about the purposes of routing manipulation despite its significant increase in recent years. Now, researchers Pablo Moriano, Soumya Achar, and L. Jean Camp from the School of Informatics, Computing, and Engineering at Indiana University have proposed a statistical framework to better determine the underlying factors behind routing manipulation. In an article published in Computers & Security, they found statistically significant evidence to attribute the origination of these anomalies to criminal and national intelligence purposes.

To demonstrate this, the researchers used data about routing anomalies from Argus at Tsinghua University and macroeconomic variables from the World Bank. By using criminology theories and measures of civil conflict and political instability at the country level, they found evidence that the motivation for these attacks is highly influenced by the desire to commit online crime or to engage in intelligence operations between nations.

This allowed them to classify countries into two different clusters: one of highly developed countries, measured through the development of their technology infrastructure, and another of developing countries with problems of continuous civil war and corruption.

The study shows that the problem of BGP manipulation, as a continuously increasing threat, needs to consider dimensions other than traditional computer security protocol improvements. The authors conclude that any solution to the challenge of increasing router plane anomalies should consider crime and nation-state action as possibilities. This may particularly affect any solutions that assume nation states can be roots of trust.

More information: Pablo Moriano et al., Incompetents, criminals, or spies: Macroeconomics analysis of routing anomalies, Computers & Security, vol. 70, pp. 319-334, 2017.