ImpROV: Measurement and Practical Mitigation of Collateral Damage in RPKI Route Origin Validation

Authors: 

Weitong Li, Yuze Li, and Taejoong Chung, Virginia Tech

Abstract: 

The Resource Public Key Infrastructure (RPKI) enhances Internet routing security. RPKI is effective only when routers employ it to validate BGP announcements and filter out invalid ones, a process known as Route Origin Validation (ROV). However, the partial deployment of ROV has led to the phenomenon of collateral damage, where even ROV-enabled ASes can inadvertently direct traffic to incorrect origins if subsequent hops fail to perform proper validation.

In this paper, we conduct the first comprehensive study to measure the extent of collateral damage in the real world. Our analysis reveals that a staggering 85.6% of RPKI-invalid announcements are vulnerable to collateral damage attacks and 34% of ROV-enabled ASes are still susceptible to collateral damage attacks. To address this critical issue, we introduce ImpROV, which detects and avoids next hops that are likely to cause collateral damage for a specific RPKI-invalid prefix; our approach operates without affecting other IP address spaces on the data plane that are not impacted by this collateral damage.

Our extensive evaluations show that ImpROV can reduce the hijack success ratio for most ASes that have deployed ROV, while introducing less than 3% and 4% of memory and CPU overhead, respectively.
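The collateral damage described in the abstract can be reproduced in a small forwarding simulation. The following is an added example, not code from the paper: it assumes a sub-prefix announcement as the RPKI-invalid route, and the topology, prefixes and AS numbers are constructed from documentation ranges. The `pin_invalid_prefix` step is a simplified illustration of avoiding a risky next hop for one invalid prefix only, not ImpROV's actual algorithm.

```python
import ipaddress as ip

# Constructed data (documentation prefixes/ASNs), not taken from the paper.
ROAS = [(ip.ip_network("198.51.100.0/24"), 24, 64496)]  # (prefix, maxLength, origin AS)
COVER = ip.ip_network("198.51.100.0/24")      # legitimate route, origin AS64496
INVALID = ip.ip_network("198.51.100.128/25")  # RPKI-invalid route, origin AS64499
ROV_ENABLED = {64497, 64500}                  # AS64498 does not validate

def rov_state(prefix, origin):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    covering = [r for r in ROAS if prefix.subnet_of(r[0])]
    if not covering:
        return "not-found"
    ok = any(origin == asn and prefix.prefixlen <= mlen for _, mlen, asn in covering)
    return "valid" if ok else "invalid"

def build_fib(asn, received):
    """Install (prefix, next_hop, origin) routes; ROV ASes drop invalid ones."""
    return {p: nh for p, nh, origin in received
            if not (asn in ROV_ENABLED and rov_state(p, origin) == "invalid")}

def build_network():
    received = {
        64496: [(COVER, 64496, 64496)],                              # legitimate origin
        64499: [(INVALID, 64499, 64499)],                            # invalid origin
        64498: [(COVER, 64496, 64496), (INVALID, 64499, 64499)],     # no ROV
        64500: [(COVER, 64496, 64496), (INVALID, 64499, 64499)],     # ROV
        64497: [(COVER, 64498, 64496), (INVALID, 64498, 64499)],     # ROV, best path via 64498
    }
    return {asn: build_fib(asn, routes) for asn, routes in received.items()}

def trace(fibs, start, dst):
    """Follow longest-prefix-match forwarding hop by hop; return the AS path."""
    path, dst = [start], ip.ip_address(dst)
    while True:
        fib = fibs[path[-1]]
        matches = [p for p in fib if dst in p]
        if not matches:
            return path                       # no route: traffic is dropped here
        nh = fib[max(matches, key=lambda p: p.prefixlen)]
        if nh == path[-1] or nh in path:      # local delivery, or loop guard
            return path
        path.append(nh)

def pin_invalid_prefix(fibs, asn, prefix, safe_next_hop):
    """Simplified mitigation: steer only the invalid prefix's space to a validating hop."""
    fibs[asn][prefix] = safe_next_hop

if __name__ == "__main__":
    fibs = build_network()
    print("before:", trace(fibs, 64497, "198.51.100.200"))
    pin_invalid_prefix(fibs, 64497, INVALID, 64500)
    print("after: ", trace(fibs, 64497, "198.51.100.200"))
```

AS64497 filters the invalid /25 itself, yet its traffic for that range still ends at AS64499 because the covering /24 points at the non-validating AS64498; after pinning, only the /25 is rerouted and the rest of the /24 keeps its original path.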

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.