BGP-iSec: Improved Security of Internet Routing Against Post-ROV Attacks
Cameron Morris
Network and Distributed System Security (NDSS) Symposium 2024 · Day 1 · Network Security
The Border Gateway Protocol (BGP) has been the foundational routing protocol for the internet for decades, yet its inherent security vulnerabilities have been a persistent concern since its inception. While significant strides have been made with the **Resource Public Key Infrastructure (RPKI)** and **Route Origin Validation (ROV)** to mitigate prefix hijacks, these defenses are not exhaustive. As RPKI adoption continues to grow—with over 42% of IPv4 address space protected by **Route Origin Authorizations (ROAs)** and an estimated 37% of Autonomous Systems (ASes) actively filtering invalid ROAs—attackers are inevitably shifting their focus to **post-ROV attacks**, those sophisticated threats that existing ROV mechanisms are unable to detect or prevent.