Global Internet Traffic Routing and Privacy

Title: Global Internet Traffic Routing and Privacy
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Brooks, Richard; Wang, Kuang-Ching; Oakley, Jon; Tusing, Nathan
Conference Name: 2020 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC)
Keywords: BGP Injection, Collaboration, composability, delays, Internet, IP networks, ip privacy, MITM, Peer-to-peer computing, policy-based governance, privacy, pubcrawl, resilience, Resiliency, Routing, SDN, Virtual private networks
Abstract: Current Internet Protocol routing provides minimal privacy, which enables multiple exploits. The main issue is that the source and destination addresses of all packets appear in plain text. This enables numerous attacks, including surveillance, man-in-the-middle (MITM), and denial of service (DoS). The talk explains how these attacks work in the current network. Endpoints often believe that use of Network Address Translation (NAT) and Dynamic Host Configuration Protocol (DHCP) can minimize the loss of privacy. We will explain how the regularity of human behavior can be used to overcome these countermeasures. Once packets leave the local autonomous system (AS), they are routed through the network by the Border Gateway Protocol (BGP). The talk will discuss the unreliability of BGP and current attacks on the routing protocol. This will include an introduction to BGP injects and the PEERING testbed for BGP experimentation. One experiment we have performed uses statistical methods (CUSUM and F-test) to detect BGP injection events. We describe work we performed that applies BGP injects to Internet Protocol (IP) address randomization to replace fixed IP addresses in headers with randomized addresses. We explain the similarities and differences of this approach with virtual private networks (VPNs). Analysis of this work shows that BGP reliance on autonomous system (AS) numbers removes privacy from the concept, even though it would disable the current generation of MITM and DoS attacks. We end by presenting a compromise approach that creates software-defined data exchanges (SDX), which mix traffic randomization with VPN concepts. We contrast this approach with the Tor overlay network and provide some performance data.
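The abstract names CUSUM as one of the statistics used to detect BGP injection events but does not say which feature was monitored or how the test was tuned. The block below is an added illustration of a two-sided CUSUM (Page's test) run over a constructed series of per-minute BGP UPDATE counts for a single prefix; it is not code from the paper, and the monitored feature, the sample series, the baseline length and the k/h parameters are all assumptions made here. The F-test half of the authors' method is not shown.

```python
"""Two-sided CUSUM (Page's test) over per-interval BGP UPDATE counts.

Added illustration only: this is not code from the paper. The abstract
says the authors detected BGP injection events with CUSUM and an F-test
but gives neither the monitored feature nor the tuning, so the feature
(UPDATE messages per minute for one prefix at a route collector), the
constructed sample series, the baseline length and the k/h values below
are all assumptions made here.
"""
from statistics import mean, pstdev

# Constructed sample (not measured data). Minutes 0-19 are attack-free
# and serve as the baseline; minute 21 holds an isolated spike such as a
# routine re-announcement; from minute 26 the rate shifts upward and
# stays there, modelling a second origin repeatedly announcing the
# prefix during an injection event.
SAMPLE_UPDATE_COUNTS = [
    4, 5, 3, 4, 6, 4, 5, 3, 4, 5,   # minutes 0-9
    4, 4, 6, 3, 5, 4, 4, 5, 3, 4,   # minutes 10-19
    4, 8, 4, 5, 4, 3,               # minutes 20-25: quiet, spike at 21
    7, 6, 7, 8, 6, 7, 7, 6,         # minutes 26-33: sustained shift
]


def cusum_detect(series, baseline_len=20, k=0.5, h=5.0):
    """Return (alarms, s_pos_trace, s_neg_trace) for a two-sided CUSUM.

    series       : per-interval counts
    baseline_len : leading samples (assumed attack-free) used to estimate
                   the reference mean and standard deviation
    k            : slack in standard-deviation units; per-sample drift
                   below k is discarded, so an isolated spike decays
                   instead of being carried forward indefinitely
    h            : decision threshold in standard-deviation units

    alarms lists every index at which either cumulative sum exceeds h;
    both sums are reset to zero after an alarm so monitoring continues.
    The traces start at index baseline_len.
    """
    if baseline_len < 2 or baseline_len >= len(series):
        raise ValueError("baseline needs >= 2 samples and must leave data to monitor")
    base = series[:baseline_len]
    mu = mean(base)
    sigma = pstdev(base) or 1.0      # guard: a constant baseline would divide by zero
    s_pos = s_neg = 0.0
    alarms, pos_trace, neg_trace = [], [], []
    for i in range(baseline_len, len(series)):
        z = (series[i] - mu) / sigma
        s_pos = max(0.0, s_pos + z - k)   # upward shift: more UPDATEs than usual
        s_neg = max(0.0, s_neg - z - k)   # downward shift: prefix has gone quiet
        pos_trace.append(s_pos)
        neg_trace.append(s_neg)
        if s_pos > h or s_neg > h:
            alarms.append(i)
            s_pos = s_neg = 0.0
    return alarms, pos_trace, neg_trace


if __name__ == "__main__":
    alarms, pos, neg = cusum_detect(SAMPLE_UPDATE_COUNTS)
    print("first alarm at minute", alarms[0] if alarms else None)
    for minute, (sp, sn) in enumerate(zip(pos, neg), start=20):
        print(f"minute {minute:2d}: S+={sp:5.2f} S-={sn:5.2f}")
```

On the constructed series the spike at minute 21 lifts S+ to roughly 3.7 and then decays below the threshold, so it never alarms on its own, while the sustained shift that begins at minute 26 trips the first alarm at minute 28, two samples in. The S- sum covers the opposite failure mode, a prefix that abruptly stops being announced. In practice the baseline window, k and h have to be chosen per feed, since a busy transit-facing collector sees a very different UPDATE rate from a quiet stub AS.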
DOI: 10.1109/MoNeTeC49726.2020.9258193
Citation Key: brooks_global_2020