Practical experience: Methodologies for measuring route origin validation

Tomas Hlavacek; Amir Herzberg; Haya Shulman; Michael Waidner

doi:10.1109/DSN.2018.00070

Practical experience: Methodologies for measuring route origin validation

Tomas Hlavacek, Amir Herzberg, Haya Shulman, Michael Waidner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

Performing Route Origin Validation (ROV) to filter BGP announcements, which contradict Route Origin Authorizations (ROAs) is critical for protection against BGP prefix hijacks. Recent works quantified ROV enforcing Autonomous Systems (ASes) using control-plane experiments. In this work we show that control-plane experiments do not provide accurate information about ROV-enforcing ASes. We devise data-plane approaches for evaluating ROV in the Internet and perform both control and data-plane experiments using different data acquisition sources. We analyze and correlate the results of our study to identify the number of ASes enforcing ROV, and hence protected with RPKI. We perform simulations with the ROV-enforcing ASes that we identified, and find that their impact on the Internet security against prefix hijacks is negligible. As a countermeasure we provide recommendations how to cope with the main factor hindering wide adoption of ROV.

Original language	English
Title of host publication	Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	634-641
Number of pages	8
ISBN (Electronic)	9781538655955
DOIs	https://doi.org/10.1109/DSN.2018.00070
State	Published - 19 Jul 2018
Externally published	Yes
Event	48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018 - Luxembourg City, Luxembourg Duration: 25 Jun 2018 → 28 Jun 2018

Publication series

Name	Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018

Conference

Conference	48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018
Country/Territory	Luxembourg
City	Luxembourg City
Period	25/06/18 → 28/06/18

Bibliographical note

Funding Information:
We thank Hank Nussbacher, Israel Inter-University Computation Center for setting up the experiment and providing measured data. The research reported in this paper has been supported in part by the German Federal Ministry of Education and Research (BMBF), by the Hessian Ministry of Science and the Arts within CRISP (www.crisp-da.de/) and co-funded by the DFG as part of project S3 within the CRC 1119 CROSSING.

Publisher Copyright:
© 2018 IEEE.

Keywords

BGP
Controlled Experiments
ROV
RPKI
Route Origin Validation

Access to Document

10.1109/DSN.2018.00070

Cite this

Hlavacek, T., Herzberg, A., Shulman, H., & Waidner, M. (2018). Practical experience: Methodologies for measuring route origin validation. In Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018 (pp. 634-641). Article 8416522 (Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN.2018.00070

Hlavacek, Tomas ; Herzberg, Amir ; Shulman, Haya et al. / Practical experience : Methodologies for measuring route origin validation. Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 634-641 (Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018).

@inproceedings{439fdc4f0b8d4636a6d86df427bd5896,

title = "Practical experience: Methodologies for measuring route origin validation",

abstract = "Performing Route Origin Validation (ROV) to filter BGP announcements, which contradict Route Origin Authorizations (ROAs) is critical for protection against BGP prefix hijacks. Recent works quantified ROV enforcing Autonomous Systems (ASes) using control-plane experiments. In this work we show that control-plane experiments do not provide accurate information about ROV-enforcing ASes. We devise data-plane approaches for evaluating ROV in the Internet and perform both control and data-plane experiments using different data acquisition sources. We analyze and correlate the results of our study to identify the number of ASes enforcing ROV, and hence protected with RPKI. We perform simulations with the ROV-enforcing ASes that we identified, and find that their impact on the Internet security against prefix hijacks is negligible. As a countermeasure we provide recommendations how to cope with the main factor hindering wide adoption of ROV.",

keywords = "BGP, Controlled Experiments, ROV, RPKI, Route Origin Validation",

author = "Tomas Hlavacek and Amir Herzberg and Haya Shulman and Michael Waidner",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018 ; Conference date: 25-06-2018 Through 28-06-2018",

year = "2018",

month = jul,

day = "19",

doi = "10.1109/DSN.2018.00070",

language = "אנגלית",

series = "Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "634--641",

booktitle = "Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018",

address = "ארצות הברית",

}

Hlavacek, T, Herzberg, A, Shulman, H & Waidner, M 2018, Practical experience: Methodologies for measuring route origin validation. in Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018., 8416522, Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018, Institute of Electrical and Electronics Engineers Inc., pp. 634-641, 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018, Luxembourg City, Luxembourg, 25/06/18. https://doi.org/10.1109/DSN.2018.00070

Practical experience: Methodologies for measuring route origin validation. / Hlavacek, Tomas; Herzberg, Amir; Shulman, Haya et al.
Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018. Institute of Electrical and Electronics Engineers Inc., 2018. p. 634-641 8416522 (Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Practical experience

T2 - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018

AU - Hlavacek, Tomas

AU - Herzberg, Amir

AU - Shulman, Haya

AU - Waidner, Michael

PY - 2018/7/19

Y1 - 2018/7/19

N2 - Performing Route Origin Validation (ROV) to filter BGP announcements, which contradict Route Origin Authorizations (ROAs) is critical for protection against BGP prefix hijacks. Recent works quantified ROV enforcing Autonomous Systems (ASes) using control-plane experiments. In this work we show that control-plane experiments do not provide accurate information about ROV-enforcing ASes. We devise data-plane approaches for evaluating ROV in the Internet and perform both control and data-plane experiments using different data acquisition sources. We analyze and correlate the results of our study to identify the number of ASes enforcing ROV, and hence protected with RPKI. We perform simulations with the ROV-enforcing ASes that we identified, and find that their impact on the Internet security against prefix hijacks is negligible. As a countermeasure we provide recommendations how to cope with the main factor hindering wide adoption of ROV.

AB - Performing Route Origin Validation (ROV) to filter BGP announcements, which contradict Route Origin Authorizations (ROAs) is critical for protection against BGP prefix hijacks. Recent works quantified ROV enforcing Autonomous Systems (ASes) using control-plane experiments. In this work we show that control-plane experiments do not provide accurate information about ROV-enforcing ASes. We devise data-plane approaches for evaluating ROV in the Internet and perform both control and data-plane experiments using different data acquisition sources. We analyze and correlate the results of our study to identify the number of ASes enforcing ROV, and hence protected with RPKI. We perform simulations with the ROV-enforcing ASes that we identified, and find that their impact on the Internet security against prefix hijacks is negligible. As a countermeasure we provide recommendations how to cope with the main factor hindering wide adoption of ROV.

KW - BGP

KW - Controlled Experiments

KW - ROV

KW - RPKI

KW - Route Origin Validation

UR - http://www.scopus.com/inward/record.url?scp=85051060138&partnerID=8YFLogxK

U2 - 10.1109/DSN.2018.00070

DO - 10.1109/DSN.2018.00070

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85051060138

T3 - Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018

SP - 634

EP - 641

BT - Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 25 June 2018 through 28 June 2018

ER -

Hlavacek T, Herzberg A, Shulman H, Waidner M. Practical experience: Methodologies for measuring route origin validation. In Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 634-641. 8416522. (Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018). doi: 10.1109/DSN.2018.00070

Practical experience: Methodologies for measuring route origin validation

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this