A combination of traditional methods and a metric approach to assessing the risks from cyber attacks to global routing.

One of the most significant Internet-related problems of cybersecurity is route hijacking counteraction in the Internet global routing system. Attacking global routing is capable of harming millions of network devices (and also users) with much less effort than the well-known DDoS or Ransomware atta...

Bibliographic details
Date: 2019
Author: Zubok, V. Yu.
Format: Article
Language: Ukrainian
Published: Інститут проблем реєстрації інформації НАН України, 2019
Topics:
Online access: http://drsp.ipri.kiev.ua/article/view/180256
Journal title: Data Recording, Storage & Processing

Repositories

Data Recording, Storage & Processing
id drspiprikievua-article-180256
record_format ojs
institution Data Recording, Storage & Processing
baseUrl_str
datestamp_date 2019-12-10T11:42:05Z
collection OJS
language Ukrainian
topic global routing, route hijack, route leak
risk assessment
cybersecurity
topic_facet global routing
route hijacking
risk assessment
cybersecurity
global routing, route hijack, route leak
risk assessment
cybersecurity
format Article
author Zubok, V. Yu.
title A combination of traditional methods and a metric approach to assessing the risks from cyber attacks to global routing.
title_alt Поєднання традиційних методів і метричного підходу до оцінки ризиків від кібератак на глобальну маршрутизацію
description One of the most significant Internet-related problems of cybersecurity is counteracting route hijacking in the Internet global routing system. Attacking global routing is capable of harming millions of network devices (and also users) with much less effort than the well-known DDoS or ransomware attacks. The problem is defined by the Internet Engineering Task Force (IETF, in RFC 7908) as «the propagation of routing announcement(s) beyond their intended scope. That is, an announcement from an Autonomous System (AS) of a learned BGP route to another AS is in violation of the intended policies of the receiver, the sender, and/or one of the ASes along the preceding AS path». In other words, some Internet provider could announce a route to network prefixes which do not belong to it. The new fake route can then compete with the true route and can win under the BGP selection criteria. As a result, traffic to the victimized networks is redirected along an improper path, where it can be dropped, monitored, or diverted. The Border Gateway Protocol (BGP) itself has no mechanisms to protect routes. The many proposed improvements, including cryptographic approaches (electronic signatures, certificates, routing registries), are still either computationally complex, or hard to implement and control worldwide, or both. Avoiding or minimizing this risk remains a pressing problem. Relying on world practices of risk management, we have developed theoretical approaches to the identification and evaluation of route hijacking risk by exploring topology, that is, the links and relations between the ASes. As a first step, we worked through ISO Guide 73:2009 «Risk Management – Vocabulary» to tie our work to the commonly used methodological approach to risk management. Then, we used the classic STRIDE approach to classify routing security threats, and the DREAD model to assess each threat of the STRIDE acronym. Using this two-dimensional measurement, we obtained a numerically expressed impact of each threat on the aggregated risk evaluation. Further, we used a previously proposed metric function of the Internet, so that we can see and specify a clear relation between the distance between two nodes and the risk of route hijacking. The greater the distance between two autonomous systems, the greater the risk of a successful intrusion into global routing to distort their mutual traffic. In the same way, we can measure the distance (i.e., evaluate the risk of route hijacking) between one node and a group of other nodes. In conclusion, we emphasize that this approach opens the way to further formulating the route hijacking risk management problem in terms of topology tasks. Fig.: 3. Refs: 11 titles.
publisher Інститут проблем реєстрації інформації НАН України
publishDate 2019
url http://drsp.ipri.kiev.ua/article/view/180256
first_indexed 2025-07-17T10:57:39Z
last_indexed 2025-07-17T10:57:39Z
_version_ 1850411375489187840
spelling One of the large-scale problems of cybersecurity is preventing route hijacking in the global routing system of the Internet. A classification of threats and the identification and assessment of route hijacking risks are proposed, using a combined approach to the well-known STRIDE and DREAD models. A formal description of a two-dimensional risk assessment model is given, which makes it possible to obtain a quantitative risk estimate for each of the threats inherent in global routing on the Internet. In addition, by means of a metric function that describes the mutual placement of nodes in the Internet, a relation is established between a node's position in the network and the risk of hijacking routes to it.
Інститут проблем реєстрації інформації НАН України 2019-11-21 Article application/pdf http://drsp.ipri.kiev.ua/article/view/180256 10.35681/1560-9189.2019.21.2.180256
Data Recording, Storage & Processing; Vol. 21 No. 2 (2019); 41-48 1560-9189 uk http://drsp.ipri.kiev.ua/article/view/180256/184151
Copyright (c) 2021 Data Recording, Storage & Processing