The Hanging ROA: A Secure and Scalable Encoding Scheme for Route Origin Authorization
IEEE Conference on Computer Communications (INFOCOM) (2022)
Abstract
On top of the Resource Public Key Infrastructure (RPKI), the Route Origin Authorization (ROA) creates a cryptographically verifiable binding of an autonomous system to a set of IP prefixes it is authorized to originate. By design, ROAs can protect the inter-domain routing system against prefix and sub-prefix hijacks. However, inappropriate configurations introduce vulnerabilities to other types of routing security attacks. As such, the state-of-the-art approach implements the minimal-ROA principle, eliminating the risk of using ROAs at the cost of system scalability. This paper proposes the hanging ROA, a novel bitmap-based encoding scheme for ROAs that not only ensures strong security but also significantly improves system scalability. According to the performance evaluation with real-world data sets, the hanging ROA outperforms the state-of-the-art approach by 2.4 times in terms of compression ratio, and it can reduce the cost for a router to synchronize all validated ROA payloads by 44.5% to 64.7%.
Key words
Routing Security, BGP, RPKI, ROA