SICO attacks and how to protect your network against them

Alina Tyukhova
Post by Alina Tyukhova
August 5, 2020

Researchers recently found a new network attack: the Surgical Interception using Communities (SICO) attack. It allows the attacker to intercept internet traffic while remaining undetected. The attack exploits weaknesses of the Border Gateway Protocol (BGP) and has been demonstrated in experimental setups. There is no way to overcome the attack within BGP itself, because it utilises an inherent property of the protocol: mutual trust. Additional measures are also of little help. Let’s take a more detailed look at how SICO attacks work and explore how Anapaya can prevent them.

Internet from an attacker’s point of view

The internet consists of thousands of independent networks, called Autonomous Systems (ASes), that are interconnected with each other. Every router is connected to several other routers and holds its own routing table: a rulebook that specifies to which interface an arriving data packet is forwarded, depending on which IP prefix matches the destination address in its header. The ultimate goal is to deliver each data packet along the best available path.

For this purpose, routing tables must reflect the current state of the internet as well as the routing policies of the respective ASes. To stay up to date, routers constantly exchange routing information and send announcements to their neighbours, such as lists of reachable IP prefixes, the path lengths to them, and other attributes. After receiving an announcement, a router can accept it into its routing table and forward it on to its own neighbours. The protocol that carries these announcements is the Border Gateway Protocol (BGP).
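To make the routing-table rulebook concrete, here is an added example (not code from the original post or from Anapaya) of a longest-prefix-match lookup together with the route-adoption step that an accepted announcement triggers. The prefixes, interface names and the `SAMPLE_ROUTES` table are constructed for the demonstration. It also goes one step beyond the paragraph: it shows that adopting a more specific prefix immediately changes where packets go, which is the routing property every hijack discussed later relies on.

```python
import ipaddress

# Constructed sample routing table (documentation prefixes, made-up interfaces).
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "eth0"),           # default route: anything not matched below
    ("198.51.100.0/24", "eth1"),
    ("198.51.100.128/25", "eth2"),   # more specific half of the /24 above
    ("203.0.113.0/24", "eth3"),
]


def build_table(entries):
    """Parse the prefixes and order them longest-first, so that a linear
    scan returns the most specific match (the rule real routers apply)."""
    parsed = [(ipaddress.ip_network(prefix), iface) for prefix, iface in entries]
    return sorted(parsed, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Longest-prefix match: the interface a packet for `destination` leaves on."""
    addr = ipaddress.ip_address(destination)
    for network, iface in table:
        if addr in network:
            return iface
    return None  # only reachable for tables without a default route


def install_route(table, prefix, iface):
    """Adopt an announcement for `prefix` via `iface` and return the new table.
    Returning a fresh table keeps the old one for a before/after comparison."""
    existing = [(str(network), i) for network, i in table]
    return build_table(existing + [(prefix, iface)])


if __name__ == "__main__":
    table = build_table(SAMPLE_ROUTES)
    print("before:", lookup(table, "198.51.100.200"))  # eth2 via the /25
    # An accepted announcement for a more specific prefix wins the lookup
    # for every address it covers, whoever announced it.
    table = install_route(table, "198.51.100.192/26", "eth4")
    print("after: ", lookup(table, "198.51.100.200"))  # eth4 via the /26
```

The lookup itself never asks where a route came from; that decision was made when the announcement was accepted, which is exactly the step BGP leaves to trust.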

Unfortunately, BGP is vulnerable to active attacks. Current protection methods like Origin Authentication or BGPsec are cumbersome, require complex public key infrastructure, and slow down performance. Therefore, they are not widely deployed nowadays and classical BGP does not validate the origin of advertisements.

BGP relies on mutual trust among ASes: if a malicious router announces zero-distance to a certain IP prefix, misguided neighbours will reroute the traffic towards the malicious router. This type of attack is commonly referred to as BGP hijacking.

Generally, network adversaries have two potential goals: traffic hijacking and traffic interception. In the first case, the adversary attracts all traffic intended for the victim’s IP prefix, and the traffic never reaches the victim. Though the attack is easy to implement, higher-level protocols can also easily detect it.

Traffic interception, however, is more advanced. The attacker’s goal is to intercept and/or modify the traffic while remaining undetected. For that purpose, the adversary announces bogus routes. As a result, all neighbouring routers forward packets to the adversary instead of sending them to the victim, including the routers the adversary would need to deliver the packets onward. Hence, the adversary acts like a black hole and has little control over how to deliver the packets. Here SICO attacks come into play.

What is a SICO (Surgical Interception using Communities) attack?

The idea of SICO is to manipulate only certain paths and leave other paths intact. Namely, an adversary can control how remote routers adopt and propagate the bogus announcement.

The attack uses community groups, an optional attribute of a BGP announcement. The aim of community groups is to make routing flexible and customisable. For example, an administrator can configure a router to prefer one announcement over another with the same path length, based on the information in their community groups (e.g. to prefer routes from client ASes over routes from peer ASes, for pricing reasons). Moreover, a router can adopt an announcement into its routing table but refrain from propagating it, depending on the information in the community group. Communities are not standardised, but most of the top 30 ASes support them.
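As an added illustration (not code from the original post, from Anapaya, or from any router vendor) of the two community behaviours described above, the toy BGP speaker below derives a local preference from the community attached to a route and honours an "install but do not re-advertise" community. The community values `64500:100`, `64500:200` and `64500:999`, the ASNs and the prefixes are all constructed for this example; the no-export community is modelled loosely on the well-known NO_EXPORT semantics, and real operators publish their own community meanings.

```python
from dataclasses import dataclass

# Constructed community values, written in the usual "ASN:value" form.
FROM_CUSTOMER = "64500:100"    # "this route was learned from a customer"
FROM_PEER = "64500:200"        # "this route was learned from a peer"
NO_EXPORT_LOCAL = "64500:999"  # "install, but do not propagate further"


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple            # origin AS is the last element
    communities: frozenset = frozenset()


class Router:
    """Minimal BGP speaker for one AS: keeps the best route per prefix
    and records what it would re-advertise to its neighbours."""

    def __init__(self, asn):
        self.asn = asn
        self.rib = {}      # prefix -> best Route installed locally
        self.adj_out = {}  # prefix -> Route propagated onward, or None

    def local_pref(self, route):
        # Policy: customer routes beat peer routes, regardless of path length.
        if FROM_CUSTOMER in route.communities:
            return 200
        if FROM_PEER in route.communities:
            return 100
        return 50

    def better(self, new, old):
        # Abbreviated BGP decision process: higher LOCAL_PREF, then shorter AS_PATH.
        return (self.local_pref(new), -len(new.as_path)) > (self.local_pref(old), -len(old.as_path))

    def receive(self, route):
        """Accept the announcement if it wins, then decide whether to propagate it.
        Returns the route as it would be sent onward, or None if nothing is sent."""
        if self.asn in route.as_path:
            return None  # loop prevention: our own ASN is already on the path
        current = self.rib.get(route.prefix)
        if current is not None and not self.better(route, current):
            return None
        self.rib[route.prefix] = route
        if NO_EXPORT_LOCAL in route.communities:
            self.adj_out[route.prefix] = None  # adopted, but deliberately kept quiet
            return None
        exported = Route(route.prefix, (self.asn,) + route.as_path, route.communities)
        self.adj_out[route.prefix] = exported
        return exported


def demo():
    r = Router(64500)
    via_peer = Route("203.0.113.0/24", (64510, 64520), frozenset({FROM_PEER}))
    via_customer = Route("203.0.113.0/24", (64530, 64540, 64520), frozenset({FROM_CUSTOMER}))
    first_export = r.receive(via_peer)
    second_export = r.receive(via_customer)  # longer path, but customer-learned: wins
    quiet = Route("198.51.100.0/24", (64510,), frozenset({FROM_PEER, NO_EXPORT_LOCAL}))
    r.receive(quiet)
    return {
        "first_export_path": first_export.as_path,
        "best_path": r.rib["203.0.113.0/24"].as_path,
        "second_export_path": second_export.as_path,
        "quiet_installed_path": r.rib["198.51.100.0/24"].as_path,
        "quiet_exported": r.adj_out["198.51.100.0/24"],
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the customer-learned route winning despite its longer AS path, and the route tagged `64500:999` sitting in the RIB while never appearing in `adj_out`. The second behaviour matters for monitoring: a route that a neighbour installs but does not propagate is invisible from vantage points further away, so route-collector data alone may not show what the ASes adjacent to you are actually using.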

In the SICO attack, the adversary uses community groups to construct special announcements: they propagate along carefully chosen paths and attract the victim’s traffic to the adversary, while routers along the adversary-victim path do not adopt, or even see, these announcements. That path remains intact. It is a finely crafted piece of work, which is why we call this attack surgical.

First, the adversary investigates the network topology and the routing preferences of the ASes. They send several announcements without community groups and analyse whether routers along the adversary-victim path adopt them. If some of those routers do adopt the route, the adversary uses community groups to suppress its propagation to them and repeats the experiment until a working adversary-victim path remains.

Next, the attacker deliberately crafts announcements with community groups that suppress propagation of the announcement along the adversary-victim path. Once these announcements are sent, the attack starts: the adversary attracts traffic intended for the victim while maintaining a valid network path to the victim’s IP prefix.

Experiments generally show good feasibility of the SICO attack. Researchers estimate that SICO is viable against 48% of ASes (or 83% of multi-homed ASes).

Thus, the attack is feasible, flexible and applicable in a significant number of cases.

How Anapaya can prevent these attacks

The vulnerability of BGP lies within its core: it relies on mutual trust between ASes and has no internal protection against bogus announcements. A malicious AS can pretend to be the legitimate owner of any IP prefix, and other routers cannot verify the claim. Neither prefix filtering nor route origin validation discloses such fraud.

Anapaya leverages SCION, a next-generation internet protocol built with security, reliability, and control as part of its DNA.

In SCION, routers do not hold routing tables. All information necessary for forwarding is carried in the header of the data packet. The sender composes this end-to-end path out of pre-constructed path segments, which are in turn cryptographically protected and stored on dedicated servers.

Each record (a hop) along that data path is cryptographically signed with a key belonging to the corresponding AS. To pretend to own a certain IP prefix, an adversary would need to forge the cryptographic signature of the real owner. This is infeasible because ASes regularly update their keys (dynamic recreation) and exchange this information through secure channels. Therefore, the adversary cannot brute-force the authentication keys. The system will not accept a bogus announcement, and routers will never see it.
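To show why forging a hop requires the owner’s key, here is an added and deliberately simplified model (not SCION’s actual hop-field format, MAC chaining or key hierarchy, and not Anapaya’s code): each AS authenticates the hop through itself with an HMAC under its own key, routers hold no routing table and only verify the hop field addressed to them, and rotating a key invalidates previously issued hop fields. The ASNs, interface numbers, the `derive_demo_key` helper and its deterministic keys are constructed so that the example runs offline.

```python
import hashlib
import hmac

# Constructed AS identifiers (private-use ASN range) for the demo.
AS_A, AS_B, AS_C = "64501", "64502", "64503"
MAC_LEN = 16  # bytes of HMAC-SHA256 kept per hop field (a demo choice)


def derive_demo_key(asn: str, epoch: int) -> bytes:
    """Deterministic per-AS, per-epoch key so the demo runs offline.
    Constructed for the example: a real AS generates its forwarding key
    randomly and keeps it private; only the epoch counter is mirrored here."""
    return hashlib.sha256(f"demo-forwarding-key:{asn}:{epoch}".encode()).digest()


def hop_message(asn: str, ingress: int, egress: int, expiry: int) -> bytes:
    """The fields an AS commits to when it authenticates one hop."""
    return f"{asn}|{ingress}|{egress}|{expiry}".encode()


def issue_hop_field(asn, ingress, egress, expiry, key):
    """An AS authenticates the hop through itself with its own key.
    Nobody without that key can produce a valid MAC for this AS."""
    mac = hmac.new(key, hop_message(asn, ingress, egress, expiry), hashlib.sha256).digest()[:MAC_LEN]
    return {"asn": asn, "ingress": ingress, "egress": egress, "expiry": expiry, "mac": mac}


def verify_hop_field(hop, key, now):
    """Recompute the MAC under the AS's current key and compare in constant time."""
    if now > hop["expiry"]:
        return False
    msg = hop_message(hop["asn"], hop["ingress"], hop["egress"], hop["expiry"])
    expected = hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]
    return hmac.compare_digest(expected, hop["mac"])


class BorderRouter:
    """A router without a routing table: it checks only the hop field
    addressed to its own AS and forwards on the egress interface it names."""

    def __init__(self, asn, epoch=1):
        self.asn = asn
        self.epoch = epoch

    @property
    def key(self):
        return derive_demo_key(self.asn, self.epoch)

    def rotate_key(self):
        self.epoch += 1  # old hop fields stop verifying from here on

    def forward(self, packet, now):
        hop = packet["path"][packet["cursor"]]
        if hop["asn"] != self.asn or not verify_hop_field(hop, self.key, now):
            return None  # drop: not our hop, expired, or MAC mismatch
        packet["cursor"] += 1
        return hop["egress"]


def forward_along(path, routers, now):
    """Walk a packet through each AS on its path; stop at the first drop."""
    packet = {"path": path, "cursor": 0}
    egress_seen = []
    for hop in path:
        egress = routers[hop["asn"]].forward(packet, now)
        egress_seen.append(egress)
        if egress is None:
            break
    return egress_seen


def run_demo(now=1_000):
    routers = {asn: BorderRouter(asn) for asn in (AS_A, AS_B, AS_C)}
    # The sender assembles the path from hop fields each AS issued
    # (interface numbers constructed; 0 marks the end of the path).
    path = [
        issue_hop_field(AS_A, 0, 7, now + 60, routers[AS_A].key),
        issue_hop_field(AS_B, 3, 9, now + 60, routers[AS_B].key),
        issue_hop_field(AS_C, 2, 0, now + 60, routers[AS_C].key),
    ]
    honest = forward_along(path, routers, now)
    # A party without AS C's key cannot mint a hop field for AS C: C's router
    # recomputes the MAC under its own key and drops the packet.
    other_key = derive_demo_key("64666", 1)  # constructed, not C's key
    forged_path = path[:2] + [issue_hop_field(AS_C, 2, 0, now + 60, other_key)]
    forged = forward_along(forged_path, routers, now)
    # Key rotation: once C moves to a new key, hop fields issued under the old
    # one fail, and the sender must fetch freshly issued path segments.
    routers[AS_C].rotate_key()
    stale = forward_along(path, routers, now)
    refreshed = path[:2] + [issue_hop_field(AS_C, 2, 0, now + 60, routers[AS_C].key)]
    renewed = forward_along(refreshed, routers, now)
    return {"honest": honest, "forged": forged, "stale": stale, "renewed": renewed}


if __name__ == "__main__":
    print(run_demo())
```

Two design points carry over from the model to the real thing: verification is local (each router needs only its own key, never a global view of the network), and the check happens on every data packet rather than once on an announcement, so a forged hop is dropped at the AS it impersonates instead of being propagated by everyone in between.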

Thus, SCION offers a fundamental solution to the problem of fake announcements.

Anapaya and its partnering ISPs use all the benefits of SCION to build a next-generation B2B-focussed public network that resists routing attacks like traffic hijacking or SICO. To learn more about Anapaya’s solution, visit
