Justin Furuness (University of Connecticut), Cameron Morris (University of Connecticut), Reynaldo Morillo (University of Connecticut), Arvind Kasiliya (University of Connecticut), Bing Wang (University of Connecticut), Amir Herzberg (University of Connecticut)

Before the adoption of Route Origin Validation (ROV), prefix and subprefix hijacks were the most effective and common attacks on BGP routing. Recent works show that ROV adoption is increasing rapidly; with sufficient ROV adoption, prefix and subprefix attacks become ineffective.
We study this changing landscape and in particular the Autonomous System Provider Authorization (ASPA) proposal, which focuses on route leakage but also foils some other attacks.

Using recent measurements of real-world ROV adoption, we evaluate its security impact. Our simulations show substantial impact: already today, prefix hijacks are less effective than forged-origin hijacks, and the effectiveness of subprefix hijacks is much reduced.
Therefore, we expect attackers to move to forged-origin hijacks and other post-ROV attacks; we present a new, powerful post-ROV attack, spoofing.

We present extensive evaluations of different post-ROV defenses and attacks. Our results show that ASPA significantly protects against post-ROV attacks, even in partial adoption. It dramatically improves upon the use of only ROV or of BGPsec, Path-End, OTC, and EdgeFilter. BGP-iSec has even better protection but requires public-key operations to export/import announcements. We also present ASPAwN, an extension that further improves ASPA's performance. Our results show that contrary to prior works [74], [95], ASPA is effective even when tier-1 ASes are not adopting, hence motivating ASPA adoption at edge and intermediate ASes.
On the other hand, we find that against accidental route leaks, the simpler, standardized OTC mechanism is as effective as ASPA.
