IRRedicator: Pruning IRR with RPKI-Valid BGP Insights

Minhyeok Kang; Weitong Li; Roland van Rijswijk-Deij; Ted "Taekyoung" Kwon; Taejoong Chung

doi:10.14722/ndss.2024.24524

IRRedicator: Pruning IRR with RPKI-Valid BGP Insights

Minhyeok Kang, Weitong Li, Roland van Rijswijk-Deij, Ted "Taekyoung" Kwon, Taejoong Chung

Research output: Contribution to conference › Paper › peer-review

38 Downloads (Pure)

Abstract

Border Gateway Protocol (BGP) provides a way of exchanging routing information to help routers construct their routing tables. However, due to the lack of security considerations, BGP has been suffering from vulnerabilities such as BGP hijacking attacks. To mitigate these issues, two data sources have been used, Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI), to provide reliable mappings between IP prefixes and their authorized Autonomous Systems (ASes). Each of the data sources, however, has its own limitations. IRR has been well-known for its stale Route objects with outdated AS information since network operators do not have enough incentives to keep them up to date, and RPKI has been slowly deployed due to its operational complexities. In this paper, we measure the prevalent inconsistencies between Route objects in IRR and ROA objects in RPKI. We next characterize inconsistent and consistent Route objects, respectively, by focusing on their BGP announcement patterns. Based on this insight, we develop a technique that identifies stale Route objects by leveraging
a machine learning algorithm and evaluate its performance. From real trace-based experiments, we show that our technique can offer advantages against the status quo by reducing the percentage of potentially stale Route objects from 72% to 40% (of the whole IRR Route objects). In this way, we achieve 93% of the accuracy of validating BGP announcements while covering 87% of BGP announcements.

Original language	English
DOIs	https://doi.org/10.14722/ndss.2024.24524
Publication status	Published - 2024
Event	Network and Distributed System Security Symposium, NDSS 2024 - San Diego, United States Duration: 26 Feb 2024 → 1 Mar 2024

Conference

Conference	Network and Distributed System Security Symposium, NDSS 2024
Abbreviated title	NDSS
Country/Territory	United States
City	San Diego
Period	26/02/24 → 1/03/24

Access to Document

10.14722/ndss.2024.24524

ArticleFinal published version, 683 KB

Cite this

@conference{cc63d2834e8248c7a6a364af7e2f9ad9,

title = "IRRedicator: Pruning IRR with RPKI-Valid BGP Insights",

abstract = "Border Gateway Protocol (BGP) provides a way of exchanging routing information to help routers construct their routing tables. However, due to the lack of security considerations, BGP has been suffering from vulnerabilities such as BGP hijacking attacks. To mitigate these issues, two data sources have been used, Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI), to provide reliable mappings between IP prefixes and their authorized Autonomous Systems (ASes). Each of the data sources, however, has its own limitations. IRR has been well-known for its stale Route objects with outdated AS information since network operators do not have enough incentives to keep them up to date, and RPKI has been slowly deployed due to its operational complexities. In this paper, we measure the prevalent inconsistencies between Route objects in IRR and ROA objects in RPKI. We next characterize inconsistent and consistent Route objects, respectively, by focusing on their BGP announcement patterns. Based on this insight, we develop a technique that identifies stale Route objects by leveraginga machine learning algorithm and evaluate its performance. From real trace-based experiments, we show that our technique can offer advantages against the status quo by reducing the percentage of potentially stale Route objects from 72\% to 40\% (of the whole IRR Route objects). In this way, we achieve 93\% of the accuracy of validating BGP announcements while covering 87\% of BGP announcements.",

author = "Minhyeok Kang and Weitong Li and \{van Rijswijk-Deij\}, Roland and Kwon, \{Ted {"}Taekyoung{"}\} and Taejoong Chung",

year = "2024",

doi = "10.14722/ndss.2024.24524",

language = "English",

note = "Network and Distributed System Security Symposium, NDSS 2024, NDSS ; Conference date: 26-02-2024 Through 01-03-2024",

}

TY - CONF

T1 - IRRedicator

T2 - Network and Distributed System Security Symposium, NDSS 2024

AU - Kang, Minhyeok

AU - Li, Weitong

AU - van Rijswijk-Deij, Roland

AU - Kwon, Ted "Taekyoung"

AU - Chung, Taejoong

PY - 2024

Y1 - 2024

N2 - Border Gateway Protocol (BGP) provides a way of exchanging routing information to help routers construct their routing tables. However, due to the lack of security considerations, BGP has been suffering from vulnerabilities such as BGP hijacking attacks. To mitigate these issues, two data sources have been used, Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI), to provide reliable mappings between IP prefixes and their authorized Autonomous Systems (ASes). Each of the data sources, however, has its own limitations. IRR has been well-known for its stale Route objects with outdated AS information since network operators do not have enough incentives to keep them up to date, and RPKI has been slowly deployed due to its operational complexities. In this paper, we measure the prevalent inconsistencies between Route objects in IRR and ROA objects in RPKI. We next characterize inconsistent and consistent Route objects, respectively, by focusing on their BGP announcement patterns. Based on this insight, we develop a technique that identifies stale Route objects by leveraginga machine learning algorithm and evaluate its performance. From real trace-based experiments, we show that our technique can offer advantages against the status quo by reducing the percentage of potentially stale Route objects from 72% to 40% (of the whole IRR Route objects). In this way, we achieve 93% of the accuracy of validating BGP announcements while covering 87% of BGP announcements.

AB - Border Gateway Protocol (BGP) provides a way of exchanging routing information to help routers construct their routing tables. However, due to the lack of security considerations, BGP has been suffering from vulnerabilities such as BGP hijacking attacks. To mitigate these issues, two data sources have been used, Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI), to provide reliable mappings between IP prefixes and their authorized Autonomous Systems (ASes). Each of the data sources, however, has its own limitations. IRR has been well-known for its stale Route objects with outdated AS information since network operators do not have enough incentives to keep them up to date, and RPKI has been slowly deployed due to its operational complexities. In this paper, we measure the prevalent inconsistencies between Route objects in IRR and ROA objects in RPKI. We next characterize inconsistent and consistent Route objects, respectively, by focusing on their BGP announcement patterns. Based on this insight, we develop a technique that identifies stale Route objects by leveraginga machine learning algorithm and evaluate its performance. From real trace-based experiments, we show that our technique can offer advantages against the status quo by reducing the percentage of potentially stale Route objects from 72% to 40% (of the whole IRR Route objects). In this way, we achieve 93% of the accuracy of validating BGP announcements while covering 87% of BGP announcements.

U2 - 10.14722/ndss.2024.24524

DO - 10.14722/ndss.2024.24524

M3 - Paper

Y2 - 26 February 2024 through 1 March 2024

ER -

IRRedicator: Pruning IRR with RPKI-Valid BGP Insights

Abstract

Conference

Access to Document

Fingerprint

Cite this