Characterizing the Vulnerability of Military Autonomous Systems to Prefix Hijacking
Abstract
Cyberspace has become a new front for attacks, as observed in recent conflicts. Although militaries use segregated networks for tactical communications, their use of the Internet for some services makes them vulnerable to attacks, including prefix hijacking. Current tools for protecting against prefix hijacks are insufficient or can be easily bypassed. This work uses an extensive set of simulations, with real data, to characterize the vulnerability to prefix hijacking of 29 military networks, revealing that networks that are better connected and have geographically distributed neighbors are less affected. However, up to 77% of attacks can go unnoticed, even with the best available tool for detecting forged-origin hijacks. The work also discusses possibilities for making the routing system of these networks more robust.
Keywords:
Interdomain routing, BGP, Prefix Hijacking, Internet Security
Published
19/05/2025
How to Cite
CARVALHO, Adriano B.; MARCOS, Pedro de B.; DE PAULA, Fabrício S.; DA SILVA, Carlos Alberto; FERREIRA, Ronaldo A. Caracterização da Vulnerabilidade a Sequestros de Prefixo de Sistemas Autônomos Militares. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 43., 2025, Natal/RN. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 84-97. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2025.5826.