DARSHANA: Detecting Route Hijacking For Communication Confidentiality

TitleDARSHANA: Detecting Route Hijacking For Communication Confidentiality
Publication TypeConference Paper
Year of Publication2016
AuthorsBalu K, Pardal M, Correia M
Conference NameThe 15th IEEE International Symposium on Network Computing and Applications (NCA 2016)
Date Published31 October-2 Nov
PublisherIEEE Computer Society
Conference LocationCambridge, MA USA

The Border Gateway Protocol (BGP) plays a critical role in the Internet providing connectivity to hosts across the world. Unfortunately, due to its limited security, attackers can hijack traffic by generating invalid routes. Some detection systems for route hijacking have been presented, but they require non-public information, high resources, or can easily be circumvented by attackers. We propose DARSHANA, a monitoring solution that detects route hijacking based solely on data-plane information, and has enough redundancy to prevent attacker countermeasures such as dropping of traceroute probes. DARSHANA uses active probing techniques that enable detection in near real-time. By using diverse methods, DARSHANA can still detect attacks even if the adversary manages to counter some
techniques. We show that our solution allows effective detection of many hijacking attacks by emulating them using PlanetLab and Amazon AWS.