RPKI is Coming of Age

Chung, Tae-Sun; Aben, Emile; Bruijnzeels, Tim; Chandrasekaran, B.; Choffnes, David; Levin, Dave; Maggs, Bruce M.; Mislove, Alan; Rijswijk-Deij, Roland van; Rula, John P.; Sullivan, Nick

doi:10.1145/3355369.3355596

Cited by 48 publications

(9 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Despite its strong attestation, however, it has not been widely deployed yet due to the negative impact of misissued ROA, the certificate dependencies in the hierarchy of RPKI [27], [29], and its incapability of route-leak protection. Also, RPKI depends on the Public Key Infrastructure (PKI) managed by RIRs, the quality of RPKI deployment and its management is significantly different across the RIRs; for example, we found that on March 1st, 2023, 59.2% of IP prefixes in RIPE NCC, the European RIR, were covered by ROA objects, while only 23.9% of IP prefixes in AFRINIC, the RIR for Africa, were done ( §III), consistent with findings reported in 2019 [17]. Because of this limitation, Mutually Agreed Norms for Routing Security (MANRS) recommends the use of both IRR and RPKI [60].…”

Section: Introductionsupporting

confidence: 84%

“…We find that the number of BGP announcements and the number of covered BGP announcements increased on those dates, but the number of valid BGP announcements was almost the same as the other days. We also find that AS37468, operated by Angola Cables, made more than 176K BGP announcements on July 19th, 2018, which it did not announce for the four weeks around that day, which aligns with the report in [17].…”

Section: ) Bgp Coverage By Irr and Rpkisupporting

confidence: 76%

“…The first reason involves mislabeled Route objects resulting from errors in the configuration of the MaxLength attribute in the corresponding ROA objects, as reported in [17]. For instance, a Route object covered by a ROA object with a valid origin AS may be incorrectly labeled as invalid due to a misconfigured MaxLength attribute.…”

Section: A Datasets 1) Dataset Constructionmentioning

confidence: 99%

“…C. Efforts to build a PKI for BGP RPKI [37] was introduced in 2008 but has been deployed slowly. Chung et al [17] reported that the deployment is growing, but also there are deployment disparities across the RIRs. To tackle the low deployment problem, Hlavacek et al proposes a method to register ROAs automatically [29] to encourage network operators.…”

Section: B Efforts To Sanitize Interdomain Routing Informationmentioning

confidence: 99%

See 3 more Smart Citations

IRRedicator: Pruning IRR with RPKI-Valid BGP Insights

Kang,

Li,

van Rijswijk-Deij

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Border Gateway Protocol (BGP) provides a way of exchanging routing information to help routers construct their routing tables. However, due to the lack of security considerations, BGP has been suffering from vulnerabilities such as BGP hijacking attacks. To mitigate these issues, two data sources have been used, Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI), to provide reliable mappings between IP prefixes and their authorized Autonomous Systems (ASes). Each of the data sources, however, has its own limitations. IRR has been well-known for its stale Route objects with outdated AS information since network operators do not have enough incentives to keep them up to date, and RPKI has been slowly deployed due to its operational complexities. In this paper, we measure the prevalent inconsistencies between Route objects in IRR and ROA objects in RPKI. We next characterize inconsistent and consistent Route objects, respectively, by focusing on their BGP announcement patterns. Based on this insight, we develop a technique that identifies stale Route objects by leveraging a machine learning algorithm and evaluate its performance. From real trace-based experiments, we show that our technique can offer advantages against the status quo by reducing the percentage of potentially stale Route objects from 72% to 40% (of the whole IRR Route objects). In this way, we achieve 93% of the accuracy of validating BGP announcements while covering 87% of BGP announcements.

show abstract

Section: Introductionsupporting

confidence: 84%

Section: ) Bgp Coverage By Irr and Rpkisupporting

confidence: 76%

Section: A Datasets 1) Dataset Constructionmentioning

confidence: 99%

Section: B Efforts To Sanitize Interdomain Routing Informationmentioning

confidence: 99%

See 2 more Smart Citations

IRRedicator: Pruning IRR with RPKI-Valid BGP Insights

Kang,

Li,

van Rijswijk-Deij

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Since many IP spaces are not covered in ROA records, ROV may identify the validation result of an illegitimate BGP announcement as "unknown" and thus improperly accepts it. What's worse, it is also frequently observed that ROV may mistakenly discard legitimate BGP announcements due to incomplete or misconfigured ROA records [49], [48]. Therefore, to improve the accuracy and effectiveness of ROV, it is necessary to increase the deployment rate of ROA.…”

Section: Technical Reasons the Technical Reasons Can Be Classified In...mentioning

confidence: 99%

Understanding Route Origin Validation Deployment in the Real World and Why MANRS Action 1 Is Not Followed

Qin,

Chen,

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

BGP hijacking is one of the most important threats to routing security. To improve the reliability and availability of inter-domain routing, a lot of work has been done to defend against BGP hijacking, and Route Origin Validation (ROV) has become the best current practice. However, although the Mutually Agreed Norms for Routing Security (MANRS) has been encouraging network operators to at least validate announcements of their customers, recent research indicates that a large number of networks still do not fully deploy ROV or propagate illegitimate announcements of their customers. To understand ROV deployment in the real world and why network operators are not following the action proposed by MANRS, we make a long-term measurement for ROV deployment and further find that many non-compliant networks may deploy ROV only at part of customer interfaces, or at provider or peer interfaces. Then, we present the first notification experiment to investigate the impact of notifications on ROV remediation. However, our analysis indicates that none of the notification treatments has a significant effect. After that, we conduct a survey among network operators and find that economical and technical problems are the two major classes of reasons for non-compliance. Seeking a realistic ROV deployment strategy, we perform large-scale simulations, and, to our surprise, find that not following MANRS Action 1 can lead to better defence of prefix hijacking. Finally, with all our findings, we provide practical recommendations and outline future directions to help promote ROV deployment.

show abstract