Tomas Hlavacek (Fraunhofer SIT), Italo Cunha (Universidade Federal de Minas Gerais), Yossi Gilad (Hebrew University of Jerusalem), Amir Herzberg (University of Connecticut), Ethan Katz-Bassett (Columbia University), Michael Schapira (Hebrew University of Jerusalem), Haya Shulman (Fraunhofer SIT)

BGP is a gaping security hole in today's Internet, as evidenced by numerous Internet outages and blackouts, repeated traffic hijacking, and surveillance incidents. Yet, despite Herculean efforts, ubiquitous deployment of the Resource Public Key Infrastructure (RPKI), designed to protect against prefix hijacking attacks, remains distant, due to RPKI's manual and error-prone certification process. We argue that deploying origin authentication at scale requires substituting the standard requirement of certifying legal ownership of IP address blocks with the goal of certifying de facto ownership. We show that settling for de facto ownership is sufficient for protecting against hazardous prefix hijacking and can be accomplished without requiring any changes to today's routing infrastructure. We present APKI, a readily deployable system that automatically certifies de facto ownership and generates the appropriate BGP-path-filtering rules at routers. We evaluate APKI's security and deployability via live experiments on the Internet using a prototype implementation of APKI and through simulations on empirically-derived datasets. To facilitate the reproducibility of our results, we open source our prototype, simulator, and measurement analysis code.

View More Papers

TKPERM: Cross-platform Permission Knowledge Transfer to Detect Overprivileged Third-party...

Faysal Hossain Shezan (University of Virginia), Kaiming Cheng (University of Virginia), Zhen Zhang (Johns Hopkins University), Yinzhi Cao (Johns Hopkins University), Yuan Tian (University of Virginia)

Read More

UIScope: Accurate, Instrumentation-free, and Visible Attack Investigation for GUI...

Runqing Yang (Zhejiang University), Shiqing Ma (Rutgers University), Haitao Xu (Arizona State University), Xiangyu Zhang (Purdue University), Yan Chen (Northwestern University)

Read More

Practical Traffic Analysis Attacks on Secure Messaging Applications

Alireza Bahramali (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst), Ramin Soltani (University of Massachusetts Amherst), Dennis Goeckel (University of Massachusetts Amherst), Don Towsley (University of Massachusetts Amherst)

Read More

Locally Differentially Private Frequency Estimation with Consistency

Tianhao Wang (Purdue University), Milan Lopuhaä-Zwakenberg (Eindhoven University of Technology), Zitao Li (Purdue University), Boris Skoric (Eindhoven University of Technology), Ninghui Li (Purdue University)

Read More