Doctoral Dissertation Oral Defense, Justin Furuness

Abstract: Before the adoption of Route Origin Validation (ROV), prefix and subprefix hijacks were the most effective and common attacks on BGP routing. Recent studies indicate that ROV adoption is increasing; with sufficient adoption, prefix and subprefix attacks become ineffective. We study this changing landscape and, in particular, the Autonomous System Provider Authorization (ASPA) proposal, which focuses on route leakage but also thwarts some BGP attacks. Using recent measurements of real-world ROV adoption, we evaluate its security impact. Our simulations show a substantial impact; already today, prefix hijacks are less effective than origin hijacks. Therefore, we expect attackers to shift to origin hijacks and other post-ROV attacks. We present extensive evaluations of the impact of ASPA, comparing it to alternatives such as BGPsec, Path-End, OTC, and EdgeFilter. We assess the defense against multiple post-ROV attacks, including a novel attack, neighbor spoofing, which is extremely powerful if not blocked. We show that ASPA significantly protects against post-ROV attacks, even with partial adoption—contrasting with BGPsec. However, interestingly, we find that ASPA is not better than OTC at preventing unintentional route leaks. The ASPA proposal presents a scenario where ASPA fails, involving a provider AS attacking an AS in its customer cone. We show that ASPA can similarly fail against an edge attacking AS. We present a possible fix; however, we also demonstrate that the fix does not significantly improve ASPA's defenses against a random attacker.

Conferences & Speakers