RoVista: Measuring and Analyzing the Route Origin Validation (ROV) in RPKI

Li, Weitong; Lin, Zhexiao; Ashiq, Md. Ishtiaq; Aben, Emile; Fontugne, Romain; Phokeer, Amreesh; Chung, Taejoong

RoVista: Measuring and Analyzing the Route Origin Validation (ROV) in RPKI

dc.contributor.author	Li, Weitong	en
dc.contributor.author	Lin, Zhexiao	en
dc.contributor.author	Ashiq, Md. Ishtiaq	en
dc.contributor.author	Aben, Emile	en
dc.contributor.author	Fontugne, Romain	en
dc.contributor.author	Phokeer, Amreesh	en
dc.contributor.author	Chung, Taejoong	en
dc.date.accessioned	2023-11-02T13:07:41Z	en
dc.date.available	2023-11-02T13:07:41Z	en
dc.date.issued	2023-10-24	en
dc.date.updated	2023-11-01T08:01:46Z	en
dc.description.abstract	The Resource Public Key Infrastructure (RPKI) is a system to add security to the Internet routing. In recent years, the publication of Route Origin Authorization (ROA) objects, which bind IP prefixes to their legitimate origin ASN, has been rapidly increasing. However, ROAs are effective only if the routers use them to verify and filter invalid BGP announcements, a process called Route Origin Validation (ROV). There are many proposed approaches to measure the status of ROV in the wild, but they are limited in scalability or accuracy. In this paper, we present RoVista, an ROV measurement framework that leverages IP-ID side channel and in-the-wild RPKI-invalid prefix. With over 20 months of longitudinal measurement, RoVista successfully covers more than 28K ASes where 63.8% of ASes have derived benefits from ROV, although the percentage of fully protected ASes remains relatively low at 12.3%. In order to validate our findings, we have also sought input from network operators. We then evaluate the security impact of current ROV deployment and reveal misconfigurations that will weaken the protection of ROV. Lastly, we compare RoVista with other approaches and conclude with a discussion of our findings and limitations.	en
dc.description.version	Published version	en
dc.format.mimetype	application/pdf	en
dc.identifier.doi	https://doi.org/10.1145/3618257.3624806	en
dc.identifier.uri	http://hdl.handle.net/10919/116619	en
dc.language.iso	en	en
dc.publisher	ACM	en
dc.rights	Creative Commons Attribution 4.0 International	en
dc.rights.holder	The author(s)	en
dc.rights.uri	http://creativecommons.org/licenses/by/4.0/	en
dc.title	RoVista: Measuring and Analyzing the Route Origin Validation (ROV) in RPKI	en
dc.type	Article - Refereed	en
dc.type.dcmitype	Text	en

Files

Original bundle

Now showing 1 - 1 of 1

Name:: 3618257.3624806.pdf
Size:: 1.24 MB
Format:: Adobe Portable Document Format
Description:: Published version

Download

License bundle

Now showing 1 - 1 of 1

Name:: license.txt
Size:: 0 B
Format:: Item-specific license agreed upon to submission
Description:

Download

Collections

Journal Articles, Association for Computing Machinery (ACM)
Scholarly Works, Computer Science