Exploring the Benefit of Path Plausibility Algorithms in BGP

The Border Gateway Protocol (BGP) is known to have several security weaknesses. Two major threats are BGP prefix hijacking and BGP route leaks. A hijack refers to the illegitimate announcement of another Autonomous System’s (AS) IP prefix space while a route leak is the accidental forwarding of a route to a peer that should not have received such an announcement. The Resource Public Key Infrastructure (RPKI) provides origin validation and is able to mitigate a subset of prefix hijacking attacks. Route leaks and forged-origin prefix hijacks are not yet properly addressed. Autonomous System Provider Authorization (ASPA) and AS-Cones are two path plausibility algorithms proposed within the Internet Engineering Task Force (IETF) to mitigate these issues. This work implements ASPA and AS-Cones in a simulation testbed. We compare deployment strategies and recommend to start deploying both algorithms in a top-down manner, starting with the AS with the highest connectivity. While AS-Cones requires less ASes to participate it shows similar benefits in route leak mitigation. Only ASPA can mitigate the forged-origin prefix hijack and results heavily depend on the victim AS to participate in ASPA object creation.