Ain't How You Deploy: An Analysis of BGP Security Policies Performance Against Various Attack Scenarios with Differing Deployment Strategies

TL;DR

This paper evaluates the effectiveness of different BGP security policies and deployment strategies against various attack scenarios, providing insights to improve future BGP security measures.

Contribution

It offers a comprehensive simulation-based analysis of BGP security policies across multiple deployment strategies and attack types, highlighting their strengths and limitations.

Findings

ROV and ASPA improve attack detection

Deployment strategy impacts security effectiveness

Identifies gaps in current BGP security policies

Abstract

This paper investigates the performance of various Border Gateway Protocol (BGP) security policies against multiple attack scenarios using different deployment strategies. Through extensive simulations, we evaluate the effectiveness of defensive mechanisms such as Root Origin Validation (ROV), Autonomous System Provider Authorization (ASPA), and PeerROV across distinct AS deployment types. Our findings reveal critical insights into the strengths and limitations of current BGP security measures, providing guidance for future policy development and implementation.