一种衡量RPKI路由验证和过滤采用情况的严谨方法

Comput. Commun. Rev. Pub Date : 2017-06-13 DOI:10.1145/3211852.3211856

A. Reuter, R. Bush, Ítalo F. S. Cunha, Ethan Katz-Bassett, T. Schmidt, Matthias Wählisch

{"title":"一种衡量RPKI路由验证和过滤采用情况的严谨方法","authors":"A. Reuter, R. Bush, Ítalo F. S. Cunha, Ethan Katz-Bassett, T. Schmidt, Matthias Wählisch","doi":"10.1145/3211852.3211856","DOIUrl":null,"url":null,"abstract":"A proposal to improve routing security---Route Origin Authorization (ROA)---has been standardized. A ROA specifies which network is allowed to announce a set of Internet destinations. While some networks now specify ROAs, little is known about whether other networks check routes they receive against these ROAs, a process known as Route Origin Validation (ROV). Which networks blindly accept invalid routes? Which reject them outright? Which de-preference them if alternatives exist?\n Recent analysis attempts to use uncontrolled experiments to characterize ROV adoption by comparing valid routes and invalid routes. However, we argue that gaining a solid understanding of ROV adoption is impossible using currently available data sets and techniques. Instead, we devise a verifiable methodology of controlled experiments for measuring ROV. Our measurements suggest that, although some ISPs are not observed using invalid routes in uncontrolled experiments, they are actually using different routes for (non-security) traffic engineering purposes, without performing ROV. We conclude with presenting three AS that do implement ROV as confirmed by the operators.","PeriodicalId":403234,"journal":{"name":"Comput. Commun. Rev.","volume":"15 10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"51","resultStr":"{\"title\":\"Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering\",\"authors\":\"A. Reuter, R. Bush, Ítalo F. S. Cunha, Ethan Katz-Bassett, T. Schmidt, Matthias Wählisch\",\"doi\":\"10.1145/3211852.3211856\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A proposal to improve routing security---Route Origin Authorization (ROA)---has been standardized. A ROA specifies which network is allowed to announce a set of Internet destinations. While some networks now specify ROAs, little is known about whether other networks check routes they receive against these ROAs, a process known as Route Origin Validation (ROV). Which networks blindly accept invalid routes? Which reject them outright? Which de-preference them if alternatives exist?\\n Recent analysis attempts to use uncontrolled experiments to characterize ROV adoption by comparing valid routes and invalid routes. However, we argue that gaining a solid understanding of ROV adoption is impossible using currently available data sets and techniques. Instead, we devise a verifiable methodology of controlled experiments for measuring ROV. Our measurements suggest that, although some ISPs are not observed using invalid routes in uncontrolled experiments, they are actually using different routes for (non-security) traffic engineering purposes, without performing ROV. We conclude with presenting three AS that do implement ROV as confirmed by the operators.\",\"PeriodicalId\":403234,\"journal\":{\"name\":\"Comput. Commun. Rev.\",\"volume\":\"15 10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"51\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Comput. Commun. Rev.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3211852.3211856\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Comput. Commun. Rev.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3211852.3211856","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 51

摘要

一个改进路由安全性的提议——路由起源授权(ROA)——已经标准化。ROA指定允许哪个网络宣布一组Internet目的地。虽然现在有些网络指定了roa，但对于其他网络是否会根据这些roa检查它们收到的路由，这一过程被称为路由起源验证(ROV)，我们知之甚少。哪些网络盲目接受无效路由?哪一个直接拒绝?如果存在其他选择，哪一个去偏好它们?最近的分析尝试使用不受控制的实验，通过比较有效路线和无效路线来表征ROV的采用情况。然而，我们认为，利用现有的数据集和技术，对ROV的采用进行深入了解是不可能的。相反，我们设计了一种可验证的控制实验方法来测量ROV。我们的测量结果表明，尽管在不受控制的实验中没有观察到一些isp使用无效路由，但他们实际上是为了(非安全)流量工程目的而使用不同的路由，而没有执行ROV。最后，我们介绍了经运营商确认的三种采用ROV的AS。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering

A proposal to improve routing security---Route Origin Authorization (ROA)---has been standardized. A ROA specifies which network is allowed to announce a set of Internet destinations. While some networks now specify ROAs, little is known about whether other networks check routes they receive against these ROAs, a process known as Route Origin Validation (ROV). Which networks blindly accept invalid routes? Which reject them outright? Which de-preference them if alternatives exist? Recent analysis attempts to use uncontrolled experiments to characterize ROV adoption by comparing valid routes and invalid routes. However, we argue that gaining a solid understanding of ROV adoption is impossible using currently available data sets and techniques. Instead, we devise a verifiable methodology of controlled experiments for measuring ROV. Our measurements suggest that, although some ISPs are not observed using invalid routes in uncontrolled experiments, they are actually using different routes for (non-security) traffic engineering purposes, without performing ROV. We conclude with presenting three AS that do implement ROV as confirmed by the operators.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Comput. Commun. Rev.

自引率

0.00%

发文量