Performing Route Origin Validation (ROV) to filter BGP announcements, which contradict Route Origin Authorizations (ROAs) is critical for protection against BGP prefix hijacks. Recent works quantified ROV enforcing Autonomous Systems (ASes) using control-plane experiments. In this work we show that control-plane experiments do not provide accurate information about ROV-enforcing ASes. We devise data-plane approaches for evaluating ROV in the Internet and perform both control and data-plane experiments using different data acquisition sources. We analyze and correlate the results of our study to identify the number of ASes enforcing ROV, and hence protected with RPKI. We perform simulations with the ROV-enforcing ASes that we identified, and find that their impact on the Internet security against prefix hijacks is negligible. As a countermeasure we provide recommendations how to cope with the main factor hindering wide adoption of ROV.
|Title of host publication||Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018|
|Publisher||Institute of Electrical and Electronics Engineers Inc.|
|Number of pages||8|
|State||Published - 19 Jul 2018|
|Event||48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018 - Luxembourg City, Luxembourg|
Duration: 25 Jun 2018 → 28 Jun 2018
|Name||Proceedings - 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018|
|Conference||48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2018|
|Period||25/06/18 → 28/06/18|
Bibliographical noteFunding Information:
We thank Hank Nussbacher, Israel Inter-University Computation Center for setting up the experiment and providing measured data. The research reported in this paper has been supported in part by the German Federal Ministry of Education and Research (BMBF), by the Hessian Ministry of Science and the Arts within CRISP (www.crisp-da.de/) and co-funded by the DFG as part of project S3 within the CRC 1119 CROSSING.
© 2018 IEEE.
- Controlled Experiments
- Route Origin Validation