Technion Students Hack OSPF, the Most Popular Routing Protocol on the Internet

The attack was part of a student project in the Computer Science Department and has attracted substantial interest in two scientific conferences; the students will be awarded the Technion Amdocs Prize

Alex Kirshon and Dima Gonikman, students in the Technion Computer Science Department, succeeded in hacking the OSPF routing protocol, the most common protocol on the internet. The attack was part of a student project in the Laboratory of Computer Communication and Networking and has attracted substantial interest at the two scientific conferences where it was presented. Alex and Dima will be awarded the Technion Amdocs Prize for Best Project in Computer Science. Their supervisors were Gabi Nakibly and Itai Dabran.

Hundreds of thousands of routers work on the internet, linking the different networks. Each router is supposed to “know” all the other routers and to “talk” to them (obtain information about their neighbors and about networks connected to them). The incessant involvement of the routers in the transmission of this information encumbers them and diminishes their effectiveness. Hence, the internet is in fact split into autonomous systems that “talk” to each other. The routers in each such system “know” one another.

The most popular protocol for the transmission of information between routers within an autonomous system is OSPF. If it malfunctions, many messages will not reach their destination. Moreover, there is the concern that these messages will reach the attacker of the protocol. Accordingly, stringent security measures are in place for the protocols of network routers.

One of the important defenses is called “fight-back”. When it is implemented – when a router recognizes that another router has sent data in its name – it immediately issues a correction.

With help from their supervisors, Alex Kirshon and Dima Gonikman “targeted” this correction. They triggered a fight-back from a router on the network, but immediately before it was sent, they sent a fight-back of their own with false data, which was received by some of the other routers. When these routers then received the fight-back of the compromised router, they rejected it because they had supposedly already received a fight-back from it.

The “attacking” students also identified in advance which fight-back the attacked router would send, so that the other routers received it from them “without doubts or questions”. From the moment they received the “fake” fight-back, some routers on the network have incorrect routing tables.
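The inconsistency described above can be looked for from the defender's side. The following is an added illustration, not part of the original article or of the students' project: a small model of routers that keep the first copy of an advertisement and drop later copies as duplicates, plus a monitor that flags one origin and instance seen with two different contents. The router names, the "instance" number (a simplified stand-in for however a router decides two advertisements are the same) and the sample records are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed observations: (receiving router, claimed origin, instance, content).
# "instance" is an assumed, simplified identifier for "the same advertisement".
OBSERVATIONS = [
    ("R2", "R1", 7, "R1 links: R2, R3"),
    ("R3", "R1", 7, "R1 links: R2, R3"),
    ("R4", "R1", 7, "R1 links: R9"),      # different content, same origin and instance
    ("R4", "R1", 7, "R1 links: R2, R3"),  # the genuine correction arrives second
    ("R2", "R5", 3, "R5 links: R2"),
]

def digest(content):
    return hashlib.sha256(content.encode()).hexdigest()[:12]

def simulate(observations):
    """Each router keeps the first copy of an instance; later copies are dropped."""
    tables = defaultdict(dict)  # router -> {(origin, instance): digest kept}
    for router, origin, instance, content in observations:
        tables[router].setdefault((origin, instance), digest(content))
    return tables

def find_conflicts(observations):
    """Monitor view: one (origin, instance) observed with more than one content."""
    seen = defaultdict(lambda: defaultdict(set))
    for router, origin, instance, content in observations:
        seen[(origin, instance)][digest(content)].add(router)
    return {k: {d: sorted(r) for d, r in v.items()}
            for k, v in seen.items() if len(v) > 1}

def inconsistent_routers(tables):
    """Routers whose stored copy differs from the copy most routers hold."""
    held = defaultdict(lambda: defaultdict(list))
    for router, table in tables.items():
        for key, d in table.items():
            held[key][d].append(router)
    out = {}
    for key, by_digest in held.items():
        if len(by_digest) > 1:
            majority = max(by_digest, key=lambda d: len(by_digest[d]))
            out[key] = sorted(r for d, rs in by_digest.items()
                              if d != majority for r in rs)
    return out

if __name__ == "__main__":
    print("conflicting instances:", find_conflicts(OBSERVATIONS))
    print("routers holding a minority copy:", inconsistent_routers(simulate(OBSERVATIONS)))
```
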

Such an attack can disrupt the entire operation of the autonomous system, prevent messages from reaching their destination and unnecessarily create substantial traffic on the network.

Seven groups of students will receive the Amdocs Prize for Best Project in a ceremony that will take place in mid-March in the Technion Computer Science Department.

In The Picture: The attacked router and the mode of attack. Figure: Technion Spokesman