Can an Israeli Solution Stop Internet Hijacking?

No mechanism exists to prevent countries like China or Pakistan from hijacking worldwide Internet traffic. Researchers at the Hebrew and Bar-Ilan universities are developing a new technology that could change that.


On April 8, 2010, some15 percent of global Internet traffic, including traffic flowing to and from United States government and military websites, began flowing through China, in an incident of what is known as “IP hijacking.” The incident only lasted for 18 minutes and it has never been conclusively determined as deliberate, rather than acidental. But it highlighted a major flaw in the core Domain Name System, that enables the Internet to function.

There have been incidents of similar magniture in each of the subsequent five years and dozens of smaller incidents that received little attention. All attempts to solve the problem in the DNS system have failed. Now, Dr. Michael Schapira, of the Hebrew University School of Engineering and Computer Science, believes he has a solution.

The DNS, which is primarily responsible for translating the numerical IP addresses that computers use into the domain names that are understandable to us humans, is also responsible for routing all Internet communication. That is done by means of what’s known as the Border Gateway Protocol. When you want to get to a video on YouTube or an article on Buzzfeed, you type in the address or click on the link, and the Internet server (automatically) checks the worldwide routing charts to determine the fastest route between you and the desired content.

The problem is that these protocols date from the dawn of the Internet age – way back in the early 1980s, when the web was young and innocent and all the parties connected to it were relatively credible research institutes, universities and so on. No one thought about Internet traffic being hijacked or the potential for serious routing errors, such as when Pakistan blocked the world’s access to YouTube in 2008 while attempting to block it in its own country.

“Today we’re living with a very different Internet than we had back then,” says Schapira, recipient of the Wolf Foundation’s Krill Prize for Excellence in Scientific Research. “But nothing has fundamentally changed in terms of information security.”

The BGP works as it does because the Internet is essentially composed of many smaller networks, each of which can announce that the fastest route to a specific target passes through it. “The routing system is easily breached, in the sense that I can disguise myself and say that I am the fastest route,” Schapira explains. “It’s so simple – I just declare that I have the address with me, so the traffic comes to me.”

“Everyone can see that this is probably the most critical problem with the Internet infrastructure,” Schapira continues, “but it touches on the heart of the system, which makes it very hard to change the situation and introduce upgrades. You can’t replace the entire Internet infrastructure. You can’t stop everything and say you’re shutting down the Internet for a day or two, or even a half-hour.”

Not that fixes haven’t been attempted. The American government has invested millions in solutions intended to fortify the system, but to little avail. The most prominent of these is called Resource Public Key Infrastructure, which offers only a very partial solution to the problem of DNS hijacking, according to computer experts, and implementing it would be so daunting as to be practically hopeless.

That’s because RPKI seeks to solve the problem by verifying the chain of ownership of IP addresses through the provision of proof. Domain owners are required to verify their ownership by contacting the entity above them in the chain and obtaining proof. Google does not have RPKI and nor do the major Internet servers. The adoption rate varies from country to country, but in the best case it only nears the 5 percent mark.

Many are wary of joining the system because of the power it gives to those located above them, Schapira explains. “If you’re dependent upon me for proof then at any given moment I could cancel the permission. I could cut off whole countries from the Internet. This sort of thing could also just happen by mistake. There was recently a big problem like that in Africa.”

Another problem is that RPKI only solves the problem of one entity disguising itself as something else. For example, says Schapira, it’s supposed to prevent a situation in which the university computer tries to pass itself off as Google and announce that it has ownership of the company’s IP addresses. But it doesn’t solve cases where someone legitimate makes a false claim – namely, that the fastest routing for transferring information passes through his network.

The solution proposed by Schapira and Professor Amir Herzberg of Bar Ilan University aims to get around the bureaucratic and technical difficulties of adopting RPKI. The idea is that the entire approval and verification process will be done automatically by a series of checks performed by their system to ensure that whoever declares himself the owner of certain address is in fact the correct owner.

For example, when someone declares himself owner of a certain address, their system conducts a complex series of checks by attempting to reach the address from several locations in the world via the anonymous TOR network.

“The vast verification network is divided and spread out all over the world. You can only obtain approval if you’ve convinced the majority. And each of them will send you many queries over a long period of time from a large number of places in the world.

“For someone to be able to answer in my stead and basically cut me off from the Internet, he has to be able to answer every query that is sent to me from Antarctica to Germany and anywhere in between. Even if an attacker is sitting on 95 percent of the routes, our analysis says that it will take him thousands of years to answer all the queries that he receives and to convince all the relevant parties.”

Schapira and Herzberg have also added another tool to help thwart attempts to divert traffic. Call it the “neighborhood” method: Each party that verifies its IP addresses also declares what networks are adjacent to it, thus providing a better picture of the whole neighborhood for the entire system. Once it’s in place, an Internet server in Israel, for example, would not be able to declare to routers in the United States that it is the right highway for reaching Google’s American websites.

Experiments indicate that even if just 20-30 percent of the Internet adopts the system, it has a good chance of nearly completely eradicating DNS hijacking, Schapira says.