We study and extend Route Origin Validation (ROV), the basis for the IETF defenses of interdomain routing. We focus on two important hijack attacks: subprefix hijacks and non-routed prefix hijacks. For both attacks, we show that, with partial deployment, ROV provides disappointing security benefits. We also present a new attack, superprefix hijacks, which completely circumvents ROV's defense for non-routed prefix hijacks. We then present ROV++, a novel extension of ROV, with significantly improved security benefits even with partial adoption. For example, with uniform 5% adoption for edge ASes (ASes with no customers or peers), ROV prevents less than 5% of subprefix hijacks, while ROV++ prevents more than 90% of subprefix hijacks. ROV++ also defends well against non-routed prefix attacks and the novel superprefix attacks. We evaluated several ROV++ variants, all sharing the improvements in defense; this includes “Lite”, software-only variants, deployable with existing routers. Our evaluation is based on extensive simulations over the Internet topology. We also expose an obscure yet important aspect of BGP, much amplified by ROV: inconsistencies between the observable BGP path (control-plane) and the actual traffic flows (data-plane). These inconsistencies are highly relevant for security, and often lead to a challenge we refer to as hidden hijacks.
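The control-plane/data-plane inconsistency behind hidden hijacks, worked as an added toy simulation (not the paper's code, and nothing like its Internet-scale topology): a constructed four-AS graph in which AS 3 learns all routes through a non-adopting neighbor. Plain ROV at AS 3 discards the ROA-invalid subprefix announcement, so its RIB shows only a clean route to the victim, yet longest-prefix matching at the non-adopting neighbor still carries AS 3's subprefix traffic to the attacker; the "rovpp" mode models ROV++'s blackholing of the invalid subprefix in a simplified form that is this example's assumption, not the paper's exact specification.

```python
import ipaddress
# Constructed topology (an added illustration): AS 1 originates 10.0.0.0/16 under a ROA (origin 1,
# maxLength 16); AS 666 originates the ROA-invalid subprefix 10.0.1.0/24; AS 2 (no ROV) is AS 3's only neighbor.
ROAS = {ipaddress.ip_network("10.0.0.0/16"): (1, 16)}        # prefix -> (origin AS, maxLength)
NEIGHBORS = {1: [2], 666: [2], 2: [1, 666, 3], 3: [2]}
ORIGINS = {1: "10.0.0.0/16", 666: "10.0.1.0/24"}
BLACKHOLE = "blackhole"
def roa_state(prefix, origin):
    """RFC 6811-style result: 'valid', 'invalid' or 'unknown'."""
    prefix = ipaddress.ip_network(str(prefix))
    covering = [(o, m) for p, (o, m) in ROAS.items() if prefix.subnet_of(p)]
    if any(o == origin and prefix.prefixlen <= m for o, m in covering):
        return "valid"
    return "invalid" if covering else "unknown"
def run_bgp(policy):
    """policy: ASN -> 'none' | 'rov' | 'rovpp'. Returns per-AS RIBs mapping
    prefix -> AS_PATH as received ([] = self-originated, [BLACKHOLE] = ROV++ blackhole)."""
    ribs = {asn: {} for asn in NEIGHBORS}
    for asn, p in ORIGINS.items():
        ribs[asn][ipaddress.ip_network(p)] = []
    for _ in range(len(NEIGHBORS)):                  # enough rounds to converge on this graph
        for asn, nbrs in NEIGHBORS.items():
            for n in nbrs:
                for prefix, path in list(ribs[n].items()):
                    if path == [BLACKHOLE] or asn in path:   # blackholes stay local; skip loops
                        continue
                    cand, mode = [n] + path, policy.get(asn, "none")
                    if mode != "none" and roa_state(prefix, cand[-1]) == "invalid":
                        # ROV only discards it; ROV++ (simplified) also blackholes the invalid subprefix so traffic cannot leak via the covering route.
                        if mode == "rovpp" and any(q != prefix and prefix.subnet_of(q) for q in ribs[asn]):
                            ribs[asn][prefix] = [BLACKHOLE]
                        continue
                    best = ribs[asn].get(prefix)
                    if best is None or best == [BLACKHOLE] or len(cand) < len(best):
                        ribs[asn][prefix] = cand          # prefer the shortest AS path
    return ribs
def data_plane(ribs, src, dst_ip):
    """Forward hop by hop using longest-prefix match; return the AS that receives the packet."""
    ip, asn = ipaddress.ip_address(dst_ip), src
    for _ in range(len(NEIGHBORS)):
        matches = [p for p in ribs[asn] if ip in p]
        if not matches:
            return "unroutable"
        path = ribs[asn][max(matches, key=lambda p: p.prefixlen)]
        if path == [BLACKHOLE]:
            return BLACKHOLE
        if not path:
            return asn                               # reached the origin AS
        asn = path[0]
    return "loop"
```

Comparing `run_bgp({3: "rov"})[3]` (only the valid /16 route, via AS 1) with `data_plane(..., 3, "10.0.1.5")` (delivered to AS 666) reproduces the hidden hijack; with `"rovpp"` the same packet is dropped at AS 3 instead.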
Morillo, R., Furuness, J., Herzberg, A., Morris, C., Breslin, J., & Wang, B. (2021). ROV++: Improved Deployable Defense against BGP Hijacking. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021. The Internet Society. https://doi.org/10.14722/ndss.2021.24438