
15 January 2020
etc Venues Bishopsgate
Europe/London timezone

ARTEMIS: an Open-source Tool for Detecting BGP Prefix Hijacking in Real Time

15 Jan 2020, 15:15
Broadgate 1 & 2 (etc Venues Bishopsgate)

155 Bishopsgate Liverpool Street London EC2M 3YD
Main Session


Mr Petros Gigis (UCL)


ARTEMIS is a defense approach against BGP prefix hijacking attacks. It is (a) based on accurate and fast detection operated by the AS itself, by leveraging the pervasiveness of publicly available BGP monitoring services (such as RIPE RIS and RouteViews), and it (b) enables flexible and fast mitigation of hijacking events.

The open-source tool provides the following services to an operational network that deploys it:

  1. Real-time monitoring of BGP updates, using BGP streaming services
    from the RIPE NCC's Routing Information System (RIS) (RIS live),
    RouteViews and CAIDA BMP feeds, as well as monitors that are
    deployed locally in the network that ARTEMIS protects (e.g., using
    exaBGP interfaces to the network's BGP border routers).
  2. Accurate and comprehensive detection of BGP prefix hijacking
    attacks, within seconds from their initiation.
  3. Flexible and automated mitigation of BGP prefix hijacking attacks,
    using practical mechanisms (such as prefix de-aggregation), within
    seconds to minutes from the initiation of the attacks.

Users can choose to enable only some of these services (each requiring the previous one to be enabled).

ARTEMIS contributes to a more secure Internet, since:

  1. It offers a network operator an easy-to-use open-source tool to
    detect and counter, in real time, BGP hijacking attacks (e.g.,
    sub-prefix, fake origin) against its own prefixes.
  2. It is complementary to RPKI. By working in concert, the two
    approaches can offer more complete proactive (RPKI) and reactive
    (ARTEMIS) protection against BGP prefix hijacking attacks.
  3. It surpasses the state of the art (i.e., third party detection
    services) in terms of detection speed, comprehensiveness, and
    accuracy, by leveraging both global (BGP monitors) and local
    (network operator contextual knowledge) information and scalable
    architectures for collecting and analysing incoming BGP feeds.
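
The two hijack types named above (sub-prefix, fake origin) can be told apart by checking each observed announcement against the operator's own prefix and origin configuration. The following is an added example, not ARTEMIS code: the `OWNED` table, the function names and the sample updates are constructed, and it assumes the operator lists every prefix it intentionally announces, so any unlisted more-specific is treated as a hijack.

```python
import ipaddress

# Constructed operator config: owned prefix -> ASNs allowed to originate it.
# Prefixes and ASNs are taken from the documentation ranges.
OWNED = {
    ipaddress.ip_network("198.51.100.0/24"): {64496},
    ipaddress.ip_network("2001:db8::/32"): {64496, 64497},
}

def classify(prefix, as_path, owned=OWNED):
    """Return 'sub-prefix', 'fake-origin' or None for one BGP announcement."""
    net = ipaddress.ip_network(prefix)
    if not as_path:
        return None  # no origin AS to evaluate
    origin = as_path[-1]  # origin is the last AS on the path (prepending is harmless)
    if net in owned:
        # Exact match on a configured prefix: only the origin can be wrong.
        return None if origin in owned[net] else "fake-origin"
    for own in owned:
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        if net.version == own.version and net.subnet_of(own):
            # More specific than a configured prefix and not configured itself.
            return "sub-prefix"
    return None  # not covered by any owned prefix: out of scope here

# Constructed sample updates as (prefix, AS path) pairs, as a monitor feed might yield.
UPDATES = [
    ("198.51.100.0/24", [64500, 64496, 64496]),  # legitimate, with prepending
    ("198.51.100.0/24", [64500, 64511]),         # wrong origin AS
    ("198.51.100.128/25", [64500, 64496]),       # unlisted more-specific
    ("2001:db8:1::/48", [64511]),                # unlisted IPv6 more-specific
    ("203.0.113.0/24", [64511]),                 # someone else's prefix
]

def detect(updates):
    """Return (prefix, origin, type) for every update classified as a hijack."""
    alerts = []
    for prefix, path in updates:
        kind = classify(prefix, path)
        if kind:
            alerts.append((prefix, path[-1], kind))
    return alerts

if __name__ == "__main__":
    for alert in detect(UPDATES):
        print(alert)
```
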

In this talk, we present the ARTEMIS tool and a demo (slides/video) of its practical operation.

ARTEMIS website:

ARTEMIS GitHub repository:

Primary authors

Mr Petros Gigis (UCL)
Dr Kotronis Vasileios (FORTH)
Mr Dimitrios Mavrommatis
Dr Pavlos Sermpezis (FORTH)
Dr Alistair King (CAIDA)
Dr Alberto Dainotti (CAIDA/UCSD)
Prof. Xenofontas Dimitropoulos (FORTH/UoC)
