VisBGP: Interactive Visualization for Enhanced BGP Security

Abstract

"The security of the internet's routing infrastructure is critically threatened by the vulnerabilities inherent in the Border Gateway Protocol (BGP), which is responsible for routing data between Autonomous Systems (ASes). Due to its lack of built-in security features, BGP is susceptible to a range of attacks, including prefix hijacking and route leaks, leading to disruptions, data breaches, and diminished trust in internet services. Addressing these vulnerabilities requires sophisticated tools that can simulate, analyze, and eventually help mitigate potential threats. To tackle these issues, this thesis introduces VisBGP, a novel tool designed to enhance BGP security research through detailed simulation and visualization. VisBGP leverages the BGPy simulator, integrated into a custom-built frontend GUI, enabling efficient research simulations and realistic traffic generation. In addition to the tool, a new policy – VisBGP Policy - based on an improved version of Route Origin Validation (ROV) combined with BGPsec has been proposed. Although this policy is currently tested only in a simulated environment, it holds significant potential for future real-world application, providing a proactive approach to strengthening BGP security. Preliminary testing of VisBGP demonstrates its capability to accurately simulate BGP traffic and visualize various BGP threat scenarios. The tool's ability to model and analyze complex BGP behaviors offers valuable insights, particularly when evaluating the effectiveness of the newly proposed VisBGP policy. These promising results suggest that VisBGP, coupled with the new policy, could substantially improve the management and security of BGP, contributing to a more stable and secure internet routing infrastructure. "