Reynaldo Morillo (University of Connecticut), Justin Furuness (University of Connecticut), Cameron Morris (University of Connecticut), James Breslin (University of Connecticut), Amir Herzberg (University of Connecticut), Bing Wang (University of Connecticut)

We study and extend Route Origin Validation (ROV), the basis for the IETF defenses of interdomain routing. We focus on two important hijack attacks: _subprefix hijacks_ and _non-routed prefix hijacks_. For both attacks, we show that, with partial deployment, ROV provides disappointing security benefits. We also present _superprefix hijacks_, which completely circumvent ROV's defense for non-routed prefix hijacks, and significantly circumvents it for (announced) prefix hijacks.

We then present ROV++, a novel extension of ROV, with significantly improved security benefits even with partial adoption. For example, with uniform 5% adoption for edge ASes (ASes with no customers or peers), ROV prevents less than 5% of subprefix hijacks while ROV++ prevents more than 90% of subprefix hijacks. ROV++ also defends well against non-routed prefix attacks and the novel superprefix attacks.

We evaluated several ROV++ variants, all sharing the improvements in defense; this includes "Lite", _software-only_ variants, deployable with existing routers. Our evaluation is based on extensive simulations over the Internet topology.

We also expose an obscure yet important aspect of BGP, much amplified by ROV: _inconsistencies_ between the observable BGP path (control-plane) and the actual traffic flows (data-plane). These inconsistencies are highly relevant for security, and often lead to a challenge we refer to as _hidden hijacks_.

View More Papers

POSEIDON: Privacy-Preserving Federated Neural Network Learning

Sinem Sav (EPFL), Apostolos Pyrgelis (EPFL), Juan Ramón Troncoso-Pastoriza (EPFL), David Froelicher (EPFL), Jean-Philippe Bossuat (EPFL), Joao Sa Sousa (EPFL), Jean-Pierre Hubaux (EPFL)

Read More

Flexsealing BGP Against Route Leaks: Peerlock Active Measurement and...

Tyler McDaniel (University of Tennessee, Knoxville), Jared M. Smith (University of Tennessee, Knoxville), Max Schuchard (University of Tennessee, Knoxville)

Read More

Demo #4: Attacking Tesla Model X’s Autopilot Using Compromised...

Ben Nassi (Ben-Gurion University of the Negev), Yisroel Mirsky (Ben-Gurion University of the Negev, Georgia Tech), Dudi Nassi, Raz Ben Netanel (Ben-Gurion University of the Negev), Oleg Drokin (Independent Researcher), and Yuval Elovici (Ben-Gurion University of the Negev) Best Demo Award Winner ($300 cash prize)!

Read More

Time-Based CAN Intrusion Detection Benchmark

Deborah Blevins (University of Kentucky), Pablo Moriano, Robert Bridges, Miki Verma, Michael Iannacone, and Samuel Hollifield (Oak Ridge National Laboratory)

Read More