RPKI Keep Your Friends Close, but Your Routeservers Closer (PaperReading)

Keep Your Friends Close, but Your Routeservers Closer: Insights into RPKI Validation in the Internet

Note for paper: Keep Your Friends Close, but Your Routeservers Closer: Insights into RPKI Validation in the Internet (USENIX Security '23)

Dataset: [ROV](https://sit4.me/rpki)

Introduction

  • BGP prefix hijacks allow adversaries to intercept, manipulate, and blackhole communication.
  • Filtering invalid routes with RPKI
    • Our goal is to understand how ROV in different network types affects the propagation of invalid paths and how effective ROV deployments are in blocking hijacks.
  • Measurements of ROV: a combination of control-plane and data-plane measurements (RIPE Atlas)
  • Research Goals: To gain insights into how far the invalid routes can reach, the scope of the affected networks, the impact of ROV on the reachability of ASes, which parts of the Internet are not protected, and which networks play a central role in providing global protection against hijacks.
  • Technical contributions:
    • Improved ROV measurements
    • Invalid paths over IXPs
    • Propagation of invalid routes

Related Work

  • Approaches for measuring ROV.
    (Figure: Measuring ROV)

    • In 2023, an online service called RoVista was set up for reporting ROV enforcement.
    • [9] passively monitored ASes that originated valid and invalid BGP announcements, and then collected the ASes that were on the paths towards the valid prefix but not on the paths towards the invalid prefix.
    • [7] passively analyzed historical data from RouteViews to identify changes in routing behavior.
    • Cloudflare: community-driven effort to summarize ROV implementation of large providers.
    • Asia-Pacific Network Information Centre (APNIC): Dataset

Methodology

  • Hlavacek et al.: Measuring ROV enforcement on the data plane with RIPE Atlas
    • For the data-plane measurements, RIPE Atlas is used, a collection of small devices distributed in different ASes of the Internet.

    • Researchers can obtain access to those devices to run traceroute measurements from many observation points to a predetermined target.

    • If any traceroute to a prefix is routed to a ROA-invalid AS, i.e., falls victim to the hijack, the path to that AS is considered invalid and all ASes on the path are marked as not enforcing ROV.

    • false positives

      • AS 1 and AS 3 are wrongfully classified as ROV-enforcing. While the false positives might be reduced by using multiple origins, the lack of identification of which on-path AS enforces ROV still leads to faulty classifications.
  • Rodday et al.
    • use a single ASN to announce updates to the Internet and, similarly to [7], probe the paths that updates take over a large number of distributed RIPE Atlas probes.
    • Strict Rules: They distinguish between ASes one hop away from their target and ASes 2+ hops away. ASes in a distance of one hop do not, by definition, have any AS between them and are thus not susceptible to false positives induced by other on-path ASes enforcing ROV. In the 2+ hop case, intermediate ASes may enforce ROV.
    • increase in false negatives
  • Ours
    • announcing two prefixes from two ASes
    • Divergence points
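The contrast between the Hlavacek et al. classification and the divergence-point idea above, as an added example written for this note (not code from the paper): it assumes AS-level traceroutes from a probe towards a ROA-valid and a ROA-invalid prefix announced by the same origin, and that an invalid trace dies at the AS that dropped the invalid route while earlier ASes forward via default routes. Path data and ASNs are constructed.

```python
# Constructed example, this note's reading of the two-prefix method (not the paper's code).
def reaches_origin(path, origin_as):
    """True when the traceroute's last AS is the (ROA-invalid) origin."""
    return bool(path) and path[-1] == origin_as

def naive_classify(valid_path, invalid_path, origin_as):
    """Hlavacek et al. style: a trace reaching the invalid origin marks every
    on-path AS non-enforcing; otherwise every AS on the valid path is credited
    as enforcing, which over-credits the neighbours of the real enforcer."""
    if reaches_origin(invalid_path, origin_as):
        return {asn: "non-enforcing" for asn in invalid_path[:-1]}
    return {asn: "enforcing" for asn in valid_path[:-1]}

def divergence_classify(valid_path, invalid_path, origin_as):
    """Divergence-point reading: the invalid trace follows the valid trace
    (default routes) until the AS that dropped the invalid route; only that AS
    gets positive evidence, ASes before it are merely indirectly protected."""
    if reaches_origin(invalid_path, origin_as):
        return {asn: "non-enforcing" for asn in invalid_path[:-1]}
    shared = 0
    for a, b in zip(valid_path, invalid_path):
        if a != b:
            break
        shared += 1
    if shared == 0 or shared != len(invalid_path):
        return {}  # invalid trace left the valid path before dying: inconclusive
    labels = {asn: "unknown" for asn in invalid_path[:-1]}
    labels[invalid_path[-1]] = "enforcing"
    return labels

def aggregate(traces, classify):
    """Merge per-probe verdicts: any observed forwarding of invalid traffic
    overrides positive evidence from other probes."""
    rank = {"non-enforcing": 2, "enforcing": 1, "unknown": 0}
    verdict = {}
    for valid_path, invalid_path, origin_as in traces:
        for asn, label in classify(valid_path, invalid_path, origin_as).items():
            if rank[label] > rank.get(verdict.get(asn), -1):
                verdict[asn] = label
    return verdict

# Constructed sample: origin AS 65000; only AS 64501 actually enforces ROV.
SAMPLE_TRACES = [
    ((64500, 64501, 64502, 65000), (64500, 64501), 65000),  # trace dies at 64501
    ((64510, 64502, 65000), (64510, 64502, 65000), 65000),  # invalid route delivered
]

if __name__ == "__main__":
    print(aggregate(SAMPLE_TRACES, naive_classify), aggregate(SAMPLE_TRACES, divergence_classify))
```

With the sample, the naive method credits AS 64500 as enforcing purely because it sits in front of the real enforcer, while the divergence reading leaves it as "unknown" (indirectly protected) and credits only AS 64501.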

Measurements of ROV Enforcement

  • Control-Plane: Monitor the propagation of our BGP announcements on the control-plane
    • route collectors by Routeviews and the RIPE Routing Information Service (RIS).
  • Data-Plane:
    • Traceroute packets
    • IP addresses on Traceroute paths are mapped according to the CAIDA AS and IXP mapping

Results

  • How many ASes enforce ROV

    • Control-plane results
      (Figure: Control-Plane Results)

    • Data-plane results
      (Figure: Data-Plane Results)

  • Characterization of ASes with ROV

    • Europe (30.3%) and North America (23.5%) have significantly higher rates of enforcing ASes than the rest of the world.
    • IXPs (Internet Exchange Points) and stub-ASes have a significantly higher rate of indirect protection or the lack of positive evidence than ISPs (Internet Service Providers).
    • ASes that enforce ROV strictly tend to be larger than non-enforcing ASes.
  • Validation of our results

    • Validation of ROV measurements is still an open question (there is no ground truth).
    • Cloudflare: community-driven effort to summarize ROV implementation of large providers.
    • Asia-Pacific Network Information Centre (APNIC): Dataset

Invalid Paths over Internet Exchanges

Propagation of Invalid Paths
