@phdthesis{, author = {Rodday, Nils Miro}, title = {Improving Internet Routing Security : From Origin Validation to Path Validation}, editor = {}, booktitle = {}, series = {}, journal = {}, address = {}, publisher = {}, edition = {}, year = {2024}, isbn = {978-90-365-6101-3; 978-90-365-6100-6}, volume = {}, number = {}, pages = {}, url = {}, doi = {10.3990/1.9789036561013}, keywords = {BGP, RPKI, Routing Security, Inter-domain routing}, abstract = {The Internet has become an integral part of all of our lives. Many people, especially younger generations, cannot even imagine a world without it as it is present in every aspect of their lives. Hence, it is imperative that the Internet is reliable and secure. While many think that the Internet is one coherent whole, it is indeed a network of networks. Each network is called an Autonomous System (AS) and has the freedom to decide on the preferred protocols and technologies within its boundaries. To communicate among each other, the one protocol and de-facto standard used is called Border Gateway Protocol (BGP). It facilitates the exchange of Internet Protocol (IP) address information and allows ASes to know to which destination the traffic has to be routed. It is equivalent to the exchange of zip codes among cities to know where packets have to go. The Internet developed from a small research project between three universities where trust was taken for granted to a worldwide and complex infrastructure. With more than 74,000 participants, we can no longer rely on each other’s good intent. The protocol, however, has largely remained the same regarding security. Therefore, several attack vectors continue to exist that allow for the redirection of traffic which in turn allows for its manipulation or the unavailability of entire parts of the Internet. Throughout the past decade, attempts have been made by the Internet Engineering Task Force to secure inter-domain routing. Origin validation provides a way for ASes to check whether the sender of a received BGP announcement is allowed to do so. The Resource Public Key Infrastructure (RPKI) implements origin validation by binding IP prefixes to AS numbers and is under deployment since 2011. More recently, path validation algorithms have attempted to secure not only the legitimacy of the BGP announcement’s origin but also the entire path the announcement travelled. The advantage of such technology is that the receiving party can infer whether an announcement was manipulated on the way and take appropriate actions. There is, however, uncertainty whether building on the existing RPKI infrastructure is the best option and which path validation algorithms under which constraints should receive the most attention. Therefore, the goal of this thesis is to assess whether we can build on top of the RPKI with algorithms securing the AS path to improve overall routing security. To achieve our goal and improve Internet routing security we perform large-scale measurements and simulations on the deployment of origin validation, default routes, and path validation algorithms. Our first contribution summarizes existing related work and identifies gaps. We categorize the significant publications in the field and show where more work is needed. Research within the realm of RPKI is divided into RPKI Route Origin Authorization (ROA) measurements, RPKI Route Origin Validation (ROV) measurements, and RPKI resilience. We find that existing approaches fail to correctly identify RPKI ROV filtering ASes and, therefore, include false positives that lead to a skewed adoption rate of RPKI-protected ASes. In our second contribution, we develop an improved RPKI ROV identification methodology by relying on extensive data plane measurements. We develop a strict approach that reduces false positives and makes inferences more accurate. Moreover, we compare seven Relying Party (RP) software implementations and recommend Routinator as the best solution there currently is for operators. While we are able to increase accuracy in our RPKI ROV measurements, we noticed measurement artifacts that could potentially be attributed to default routes. In our third contribution, we turn to default routes and improve upon two existing methodologies. We implement these measurements as continuous measurements and present our results on a website. Our newly derived datasets allow for the exclusion of ASes with default routes installed from RPKI ROV measurements and, therefore, further improve the results. Moreover, we develop a way to identify middleboxes, which helps sanitize measurement data even further. While working on origin validation techniques such as the RPKI, we understand that the Internet could be more secure only by deploying additional security mechanisms to secure the path of the BGP announcement. In our fourth contribution, we focus on path validation algorithms and how they can be built on top of the existing RPKI infrastructure to provide a high level of additional security while maintaining a high likelihood of adoption. Previous attempts wanted maximum security at the expense of usability and never succeeded. We perform simulations for two algorithms called Autonomous System Provider Authorization (ASPA) and AS-Cones with different deployment scenarios to tell which path validation algorithm offers the most security benefits at minimal operational cost. ASPA allows for more security compared to AS-Cones and for both algorithms, adoption is only required in a few ASes to provide an overall benefit for the whole inter-domain routing infrastructure. In addition, we develop a BGP topology generator that allows the emulation of arbitrary topologies within the NIST BGP-SRx software suite. In summary, we improve Internet routing security through these contributions by adding path validation to the existing origin validation deployments. Our findings have been made publicly available, datasets are open-sourced, and source code has been published on publicly available repositories.}, note = {}, school = {Universität der Bundeswehr München}, }