Abstract
Despite its critical role in Internet connectivity, the Border Gateway Protocol (BGP) remains highly vulnerable to attacks such as prefix hijacking, where an Autonomous System (AS) announces routes for IP space it does not control. To address this issue, the Resource Public Key Infrastructure (RPKI) was developed starting in 2008, with deployment beginning in 2011. This paper performs the first comprehensive, longitudinal study of the deployment, coverage, and quality of RPKI.
We use a unique dataset containing all RPKI Route Origin Authorizations (ROAs) from the moment RPKI was first deployed, more than 8 years ago. We combine this dataset with BGP announcements from more than 3,300 BGP collectors worldwide. Our analysis shows the after a gradual start, RPKI has seen a rapid increase in adoption over the past two years. We also show that although misconfigurations were rampant when RPKI was first deployed (causing many announcements to appear as invalid) they are quite rare today. We develop a taxonomy of invalid RPKI announcements, then quantify their prevalence. We further identify suspicious announcements indicative of prefix hijacking and present case studies of likely hijacks.
Overall, we conclude that while misconfigurations still do occur, RPKI is “ready for the big screen,” and routing security can be increased by dropping invalid announcements. To foster reproducibility and further studies, we release all RPKI data and the tools we used to analyze it into the public domain.
We use a unique dataset containing all RPKI Route Origin Authorizations (ROAs) from the moment RPKI was first deployed, more than 8 years ago. We combine this dataset with BGP announcements from more than 3,300 BGP collectors worldwide. Our analysis shows the after a gradual start, RPKI has seen a rapid increase in adoption over the past two years. We also show that although misconfigurations were rampant when RPKI was first deployed (causing many announcements to appear as invalid) they are quite rare today. We develop a taxonomy of invalid RPKI announcements, then quantify their prevalence. We further identify suspicious announcements indicative of prefix hijacking and present case studies of likely hijacks.
Overall, we conclude that while misconfigurations still do occur, RPKI is “ready for the big screen,” and routing security can be increased by dropping invalid announcements. To foster reproducibility and further studies, we release all RPKI data and the tools we used to analyze it into the public domain.
| Original language | English |
|---|---|
| Title of host publication | IMC '19 |
| Subtitle of host publication | ACM Internet Measurement Conference, Amsterdam Netherlands, October, 2019 |
| Place of Publication | New York |
| Publisher | Association for Computing Machinery |
| Pages | 406-419 |
| Number of pages | 14 |
| ISBN (Electronic) | 9781450369480 |
| ISBN (Print) | 978-1-4503-6948-0 |
| DOIs | |
| Publication status | Published - 21 Oct 2019 |
| Event | Internet Measurement Conference, IMC 2019 - Koninklijk Instituut voor de Tropen, Amsterdam, Netherlands Duration: 21 Oct 2019 → 23 Oct 2019 https://conferences.sigcomm.org/imc/2019/ |
Conference
| Conference | Internet Measurement Conference, IMC 2019 |
|---|---|
| Abbreviated title | IMC |
| Country/Territory | Netherlands |
| City | Amsterdam |
| Period | 21/10/19 → 23/10/19 |
| Internet address |
Keywords
- RPKI
- Routing
- Routing security
- BGP
- Cybersecurity