Abstract

BGP, the de-facto standard protocol for exchanging routes between the network-wide units called ASes, can end up employing invalid routes. Recently, a data object called Autonomous System Provider Authorization (ASPA) was proposed as a new specification for verifying AS path information in BGP security. In this paper, we shed light on the effectiveness of ASPAs in a partial deployment alongside conventional BGP through experiments based on a real AS topology. To this end, we also present a novel simulation tool, LOTUS, for BGP route exchange including ASPAs. We then evaluate deployments of ASPAs and their verification with LOTUS for two cases on the network topology in Japan: deployment starting from the ASes with a large number of connections to other ASes, i.e., deployment from the top ASes, and deployment starting from the ASes at the edge of the network topology, i.e., deployment from leaf-node ASes. As a result, we confirm that the number of victim ASes decreases in the former case, whereas ASPAs provide no advantage in the latter case. Notably, the number of victim ASes decreases by about 96% on average when verification with ASPAs is deployed in the top eight ASes. Based on these results, we further conduct extensive experiments on deployment from the top ASes in which ASes outside the network topology advertise malicious routes to the victim ASes. We also discuss a case in which an adversary tries to leverage ASPAs. Our promising results show that the adversary no longer obtains an advantage even by leveraging ASPAs.
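To make the partial-deployment question concrete, the following added example (written for this page; it is neither the paper's code nor LOTUS) implements ASPA-based AS path verification on a constructed toy topology. The AS numbers, the ASPA records and the leaked paths are made up; the `hop`, upstream and downstream procedures follow a simplified reading of the IETF ASPA verification draft, so check the current draft text before relying on the exact index rules. It shows the registration side of partial deployment: a route leak through an AS that has no ASPA record comes back "Unknown" rather than "Invalid", and the same downstream leak becomes detectable once the top AS registers that it has no providers.

```python
from typing import Dict, FrozenSet, List

PROVIDER_PLUS = "Provider+"
NOT_PROVIDER_PLUS = "Not Provider+"
NO_ATTESTATION = "No Attestation"

# Constructed partial deployment (made-up private ASNs): customer AS -> authorised providers.
# 65001 is the "top" transit AS of this toy topology and has registered nothing here.
ASPA_PARTIAL: Dict[int, FrozenSet[int]] = {
    65010: frozenset({65001, 65002}),  # leaf, multihomed to 65001 and 65002
    65002: frozenset({65001}),         # mid-tier transit, single provider 65001
    65020: frozenset({65002}),         # leaf, customer of 65002
}
# Same deployment plus the top AS stating it has no providers (the draft encodes this
# with provider AS 0; an empty set is used here for simplicity).
ASPA_WITH_TOP: Dict[int, FrozenSet[int]] = {**ASPA_PARTIAL, 65001: frozenset()}


def deploy_without(aspa: Dict[int, FrozenSet[int]], asn: int) -> Dict[int, FrozenSet[int]]:
    """Return a copy of the deployment in which `asn` has not registered an ASPA."""
    return {k: v for k, v in aspa.items() if k != asn}


def hop(aspa: Dict[int, FrozenSet[int]], a: int, b: int) -> str:
    """Is b an authorised provider of a, according to a's ASPA record?"""
    providers = aspa.get(a)
    if providers is None:
        return NO_ATTESTATION
    return PROVIDER_PLUS if b in providers else NOT_PROVIDER_PLUS


def verify_upstream(aspa: Dict[int, FrozenSet[int]], path: List[int]) -> str:
    """Route received from a customer or lateral peer.
    path[0] is the origin AS, path[-1] the neighbour that sent the route; every hop
    must be customer -> provider. The receiving AS is not part of the path: it knows the
    neighbour's role from its own configuration."""
    if len(path) == 1:
        return "Valid"
    hops = [hop(aspa, path[i], path[i + 1]) for i in range(len(path) - 1)]
    if NOT_PROVIDER_PLUS in hops:
        return "Invalid"
    return "Valid" if all(h == PROVIDER_PLUS for h in hops) else "Unknown"


def verify_downstream(aspa: Dict[int, FrozenSet[int]], path: List[int]) -> str:
    """Route received from a provider: the path may climb an up-ramp and then descend a
    down-ramp (valley-free), with at most one unverified hop at the apex (a peering)."""
    n = len(path)
    if n <= 2:
        return "Valid"

    def AS(i: int) -> int:              # 1-based indexing as in the draft: AS(1) is origin
        return path[i - 1]

    def up(i: int) -> str:              # is AS(i+1) a provider of AS(i)?
        return hop(aspa, AS(i), AS(i + 1))

    def down(i: int) -> str:            # is AS(i) a provider of AS(i+1)?
        return hop(aspa, AS(i + 1), AS(i))

    # First index that cannot be reached by an up hop, last index that cannot be
    # reached by a down hop; if they cross, no valley-free reading of the path exists.
    u_min = next((u for u in range(2, n + 1) if up(u - 1) == NOT_PROVIDER_PLUS), n + 1)
    v_max = next((v for v in range(n - 1, 0, -1) if down(v) == NOT_PROVIDER_PLUS), 0)
    if u_min <= v_max:
        return "Invalid"
    K = 1                                # end of the verified up-ramp
    while K < n and up(K) == PROVIDER_PLUS:
        K += 1
    L = n                                # start of the verified down-ramp
    while L > 1 and down(L - 1) == PROVIDER_PLUS:
        L -= 1
    return "Valid" if L - K <= 1 else "Unknown"


if __name__ == "__main__":
    # Constructed leak: leaf 65010 learns 65020's route from provider 65002 and
    # re-advertises it to its other provider 65001 (path seen at 65001, from a customer).
    print(verify_upstream(ASPA_PARTIAL, [65020, 65002, 65010]))
    # Constructed leak seen downstream: 65010 leaks 65001's own prefix to provider 65002,
    # which passes it down to customer 65020. Only detectable once 65001 has a record.
    print(verify_downstream(ASPA_PARTIAL, [65001, 65010, 65002]))
    print(verify_downstream(ASPA_WITH_TOP, [65001, 65010, 65002]))
```

The two downstream calls at the end show the partial-deployment caveat in miniature: the same leaked path is "Unknown" while the top AS has no record and "Invalid" once it has one, which is why a verifying AS gains little from ASPA until the ASes whose links are being abused have registered.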
