Search papers, labs, and topics across Lattice.
This paper investigates the security threat of stealthy BGP hijacking, a form of attack that diverts traffic without alerting victims, which has been largely overlooked in the context of partial Route Origin Validation (ROV) deployment. The authors introduce SHAMAN, a BGP route inference framework that efficiently assesses the risk of such hijacking by generating Internet-wide routes and conducting statistical analyses on routing discrepancies. Their empirical study reveals a concerning 14.1% overall success probability for stealthy BGP hijacking, with targeted attacks achieving a staggering 99.5% success rate in specific scenarios, highlighting the urgency of addressing this vulnerability in network security.
Stealthy BGP hijacking poses a 14.1% risk overall, with targeted attacks soaring to 99.5% success, revealing a critical blind spot in current internet security measures.
The partial deployment of Route Origin Validation (ROV) poses an unexpected security threat known as stealthy BGP hijacking, i.e., a particularly elusive form of BGP hijacking where malicious routes divert traffic without reaching (and thus alerting) the victims. This risk remains largely unexplored, with neither documented real-world incidents nor systematic characterization available. To bridge this gap, we formalize stealthy BGP hijacking and propose heuristics to discover potential instances through routing table discrepancies. We conduct the first empirical study to track and profile stealthy BGP hijacking in the wild, contributing a curated real-world incident dataset and a long-term monitoring service. Inspired by the empirical insights, we further conduct an analytical study to exhaustively assess the risk. This requires accurate ROV deployment data, complete Internet-wide routes, and tailored analytical models. To address these challenges, we develop SHAMAN, a BGP route inference framework dedicated to assessing stealthy BGP hijacking risk. SHAMAN consolidates multiple sources to construct an accurate view of ROV deployment, infers complete Internet-wide routes through a highly efficient matrix-based approach, and facilitates statistical risk analysis via a "victim-target-hijacker" 3-tuple model. By reducing the time for generating Internet-scale routes from over three months to just 5.22 hours, SHAMAN enables systematic risk assessment across 8.3 billion generated routes under real-world ROV deployment. Our findings reveal a 14.1% overall success probability for stealthy BGP hijacking, with targeted attacks reaching 99.5% success in specific cases. Validation against our real-world dataset shows up to 95.9% incident-level accuracy, demonstrating the fidelity of our analytical results.