CFP last date
20 January 2025
Reseach Article

A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP

by Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 146 - Number 1
Year of Publication: 2016
Authors: Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega
10.5120/ijca2016910604

Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega . A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP. International Journal of Computer Applications. 146, 1 ( Jul 2016), 23-27. DOI=10.5120/ijca2016910604

@article{ 10.5120/ijca2016910604,
author = { Stephen Brako Oti, Isaac Bansah, Tonny M. Adegboyega },
title = { A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP },
journal = { International Journal of Computer Applications },
issue_date = { Jul 2016 },
volume = { 146 },
number = { 1 },
month = { Jul },
year = { 2016 },
issn = { 0975-8887 },
pages = { 23-27 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume146/number1/25363-2016910604/ },
doi = { 10.5120/ijca2016910604 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:49:07.385241+05:30
%A Stephen Brako Oti
%A Isaac Bansah
%A Tonny M. Adegboyega
%T A Configuration based Approach to Mitigating Man-in-the-Middle Attacks in Enterprise Cloud IaaS Networks running BGP
%J International Journal of Computer Applications
%@ 0975-8887
%V 146
%N 1
%P 23-27
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Cloud IaaS service providers offer virtualized computing resources to enterprises over the internet. As with most internet based services, cloud service providers may need to establish BGP peering relationships with upstream/neighbor ISPs for the purposes of exchanging routing information between their respective Autonomous systems thereby making it possible for a rogue AS to carry out a Man-In-The-Middle (MITM) attack. Available literature supports the fact that BGP as an infrastructure protocol is vulnerable to MITM attacks yet a good number of proposals aimed at counteracting these attacks have not been fully implemented. Secure BGP, Secure Origin BGP and Pretty Secure BGP are all proposals which have not been fully implemented due to high overhead and invariable router load. We believe however that an existing cloud IaaS service provider could mitigate the risk of a MITM attack by optimizing their configurations and ensuring that upstream providers do a proper job filtering prefixes using a prefix-list. This paper presents a GNS-3 simulation of a MITM attack by mimicking a section of the internet and goes on to show how the application of a prefix-list can help mitigate the attack.

References
  1. Rashid, F. Y. (2016) Introducing the 'Treacherous 12,' the top security threats organizations face when using cloud services.http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html
  2. Oti, S.B. and Hayfron-Acquah, J.B., 2014. Practical Security Approaches against Border Gateway Protocol (BGP) Session Hijacking Attacks between Autonomous Systems. Journal of Computer and Communications, 2014.
  3. McCullagh, D. (2008) How Pakistan knocked YouTube offline (and how to make sure it never happens again). http://www.cnet.com/news/how-pakistan-knocked-youtube-offline-and-how-to-make-sure-it-never-happens-again/
  4. Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B. and Zhang, L., 2006, August. PHAS: A Prefix Hijack Alert System. In Usenix Security.
  5. Kent, S., Lynn, C. and Seo, K., 2000. Secure border gateway protocol (S-BGP). Selected Areas in Communications, IEEE Journal on, 18(4), pp.582-592.
  6. Butler, K.R., Farley, T.R., McDaniel, P. and Rexford, J., 2010. A Survey of BGP Security Issues and Solutions. Proceedings of the IEEE, 98(1), pp.100-122.
  7. Zhao, M., Smith, S.W. and Nicol, D.M., 2005. The performance impact of BGP security. IEEE network, 19(6), pp.42-48.
  8. White, R., 2003. Securing BGP through secure origin BGP (soBGP). Business Communications Review, 33(5), pp.47-53.
  9. Wan, T., Kranakis, E. and van Oorschot, P.C., 2005, February. Pretty Secure BGP, psBGP. In NDSS.
  10. Lad, M., Massey, D., Pei, D., Wu, Y., Zhang, B. and Zhang, L., 2006, August. PHAS: A Prefix Hijack Alert System. In Usenix Security.
  11. Murphy, S., 2006. BGP security vulnerabilities analysis. https://tools.ietf.org/html/rfc4272.html
  12. Empson, s., Gargano, P., Roth, H., CCNP Routing and Switching Portable Command Guide: Configuration of Redistributionhttp://www.ciscopress.com/articles/article.asp?p=2273507&seqNum=11
Index Terms

Computer Science
Information Sciences

Keywords

BGP security Cloud Services Prefix-List Secure BGP Session Hijacking.