Doctoral Dissertation Oral Defense, Justin Furuness

Title: Securing BGP ASAP: ASPA and other post-ROV policies

Ph.D. Candidate: Justin Furuness

Advisor: Dr. Amir Herzberg

Associate Advisors: Dr. Bing Wang, Dr. Ghada Almashaqbeh

Date/Time: Friday July 12th 2PM 2024

Location: ITE201

https://justinfuruness-461.my.webex.com/justinfuruness-461.my/j.php?MTID=m1d9b6253a3984e35bf76cf498f8be0f7

Friday, July 12, 2024 2:00 PM | 1 hour 30 minutes | (UTC-04:00) Eastern Time (US & Canada)

Meeting number: 2553 067 2425

Password: pgMGEhKr968 (74643457 when dialing from a phone or video system)

 

Join by video system

Dial 25530672425@webex.com

You can also dial 173.243.2.68 and enter your meeting number.

 

Join by phone

+1-650-479-3208 United States Toll

 

Access code: 255 306 72425

Abstract: Before the adoption of Route Origin Validation (ROV), prefix and subprefix hijacks were the most effective and common attacks on BGP routing. Recent studies indicate that ROV adoption is increasing; with sufficient adoption, prefix and subprefix attacks become ineffective. We study this changing landscape and, in particular, the Autonomous System Provider Authorization (ASPA) proposal, which focuses on route leakage but also thwarts some BGP attacks. Using recent measurements of real-world ROV adoption, we evaluate its security impact. Our simulations show a substantial impact; already today, prefix hijacks are less effective than origin hijacks. Therefore, we expect attackers to shift to origin hijacks and other post-ROV attacks. We present extensive evaluations of the impact of ASPA, comparing it to alternatives such as BGPsec, Path-End, OTC, and EdgeFilter. We assess the defense against multiple post-ROV attacks, including a novel attack, neighbor spoofing, which is extremely powerful if not blocked. We show that ASPA significantly protects against post-ROV attacks, even with partial adoption—contrasting with BGPsec. However, interestingly, we find that ASPA is not better than OTC at preventing unintentional route leaks. The ASPA proposal presents a scenario where ASPA fails, involving a provider AS attacking an AS in its customer cone. We show that ASPA can similarly fail against an edge attacking AS. We present a possible fix; however, we also demonstrate that the fix does not significantly improve ASPA’s defenses against a random attacker.

Contact Info: Justin Furuness, jfuruness@gmail.com

Connect With Us