Doctoral Dissertation Oral Defense of Justin Furuness

Please attend: Doctoral Dissertation Oral Defense Title: Securing BGP ASAP: ASPA and other post-ROV policies Ph.D. Candidate: Justin Furuness Major Advisor: Dr. Amir Herzberg Associate Advisors: Dr. Bing Wang, Dr. Ghada Almashaqbeh Date/Time: Friday July 12th 2PM 2024 Location: ITE201 WebEx Meeting LineL https://meetingsamer41.webex.com/meetingsamer41/j.php?MTID=me9cba4aa1f391c40b1225841520e5313 Meeting number: 2553 067 2425 Password: pgMGEhKr968 (74643457 when dialing from a video system) Abstract: Before the adoption of Route Origin Validation (ROV), prefix and subprefix hijacks were the most effective and common attacks on BGP routing. Recent studies indicate that ROV adoption is increasing; with sufficient adoption, prefix and subprefix attacks become ineffective. We study this changing landscape and, in particular, the Autonomous System Provider Authorization (ASPA) proposal, which focuses on route leakage but also thwarts some BGP attacks. Using recent measurements of real-world ROV adoption, we evaluate its security impact. Our simulations show a substantial impact; already today, prefix hijacks are less effective than origin hijacks. Therefore, we expect attackers to shift to origin hijacks and other post-ROV attacks. We present extensive evaluations of the impact of ASPA, comparing it to alternatives such as BGPsec, Path-End, OTC, and EdgeFilter. We assess the defense against multiple post-ROV attacks, including a novel attack, neighbor spoofing, which is extremely powerful if not blocked. We show that ASPA significantly protects against post-ROV attacks, even with partial adoption—contrasting with BGPsec. However, interestingly, we find that ASPA is not better than OTC at preventing unintentional route leaks. The ASPA proposal presents a scenario where ASPA fails, involving a provider AS attacking an AS in its customer cone. We show that ASPA can similarly fail against an edge attacking AS. We present a possible fix; however, we also demonstrate that the fix does not significantly improve ASPA's defenses against a random attacker.