Search Results

Documents authored by Apostolaki, Maria


Artifact
Software
Princeton-Cabernet/HiDe

Authors: Satadal Sengupta, Hyojoon Kim, Daniel Jubas, Maria Apostolaki, and Jennifer Rexford


Abstract

Cite as

Satadal Sengupta, Hyojoon Kim, Daniel Jubas, Maria Apostolaki, Jennifer Rexford. Princeton-Cabernet/HiDe (Software, Source Code). Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@misc{dagstuhl-artifact-25664,
   title = {{Princeton-Cabernet/HiDe}}, 
   author = {Sengupta, Satadal and Kim, Hyojoon and Jubas, Daniel and Apostolaki, Maria and Rexford, Jennifer},
   note = {Software, swhId: \href{https://archive.softwareheritage.org/swh:1:dir:2272463d8c80928885444045fff64939993e666b;origin=https://github.com/Princeton-Cabernet/HiDe;visit=swh:1:snp:6680b9886002b652616c1a164764698587d55ecb;anchor=swh:1:rev:cfeef031c43905c5a00e598d02fbdaf81ea44dcd}{\texttt{swh:1:dir:2272463d8c80928885444045fff64939993e666b}} (visited on 2026-03-19)},
   url = {https://github.com/Princeton-Cabernet/HiDe},
   doi = {10.4230/artifacts.25664},
}
Document
Passive Data-Plane Telemetry to Mitigate Long-Distance BGP Hijacks

Authors: Satadal Sengupta, Hyojoon Kim, Daniel Jubas, Maria Apostolaki, and Jennifer Rexford

Published in: OASIcs, Volume 139, 1st New Ideas in Networked Systems (NINeS 2026)


Abstract
Poor security of Internet routing enables adversaries to divert user data through unintended infrastructures in attacks known as hijacks. Of particular concern - and the focus of this paper - are cases where attackers reroute domestic traffic through foreign countries and still deliver it to the intended destination, exposing traffic to surveillance, bypassing legal privacy protections, and posing national security threats. Efforts to detect and mitigate such attacks have focused primarily on the control plane, while data-plane signals remain largely overlooked. In this paper, we argue that passively-monitored round-trip time (RTT) - and, in particular, changes in its propagation-delay component - offers a promising signal for detection: the increased propagation delay is unavoidable and directly observable from affected networks, enabling opportunities for faster detection and mitigation. We explore the practicality of using RTT variations for hijack detection, addressing two key questions: (1) What coverage can this provide, given its heavy dependence on the geolocations of the sender, receiver, and adversary? and (2) Can an always-on RTT-based detection system be deployed without disrupting normal network operations? Focusing on cross-country interception attacks, we find that coverage is high: 97% under ideal (i.e., data travels at the speed of light) conditions, and 91% and 86% with real traffic from two datasets. To demonstrate practicality, we design HiDe, which reliably detects delay surges from long-distance hijacks at line rate using commodity programmable hardware. We measure HiDe’s accuracy and false-positive rate on real-world data and validate it with ethically conducted hijacks.

Cite as

Satadal Sengupta, Hyojoon Kim, Daniel Jubas, Maria Apostolaki, and Jennifer Rexford. Passive Data-Plane Telemetry to Mitigate Long-Distance BGP Hijacks. In 1st New Ideas in Networked Systems (NINeS 2026). Open Access Series in Informatics (OASIcs), Volume 139, pp. 14:1-14:26, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2026)


Copy BibTex To Clipboard

@InProceedings{sengupta_et_al:OASIcs.NINeS.2026.14,
  author =	{Sengupta, Satadal and Kim, Hyojoon and Jubas, Daniel and Apostolaki, Maria and Rexford, Jennifer},
  title =	{{Passive Data-Plane Telemetry to Mitigate Long-Distance BGP Hijacks}},
  booktitle =	{1st New Ideas in Networked Systems (NINeS 2026)},
  pages =	{14:1--14:26},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-414-7},
  ISSN =	{2190-6807},
  year =	{2026},
  volume =	{139},
  editor =	{Argyraki, Katerina and Panda, Aurojit},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.NINeS.2026.14},
  URN =		{urn:nbn:de:0030-drops-255992},
  doi =		{10.4230/OASIcs.NINeS.2026.14},
  annote =	{Keywords: Network security, routing, Border Gateway Protocol, hijack, interception attack, programmable networks, in-network detection, in-network mitigation}
}
Any Issues?
X

Feedback on the Current Page

CAPTCHA

Thanks for your feedback!

Feedback submitted to Dagstuhl Publishing

Could not send message

Please try again later or send an E-mail