PAPER
Securing BGP ASAP: ASPA and other Post-ROV Defenses
Before the adoption of Route Origin Validation (ROV), prefix and subprefix hijacks were the most effective and common attacks on BGP routing. Recent works show that ROV adoption is increasing rapidly; with sufficient ROV adoption, prefix and subprefix attacks become ineffective. We study this changing landscape and in particular the Autonomous System Provider Authorization (ASPA) proposal, which focuses on route leakage but also foils some other attacks. Using recent measurements of real-world ROV adoption, we evaluate its security impact. Our simulations show substantial impact: emph{already today}, prefix hijacks are less effective than forged-origin hijacks, and the effectiveness of subprefix hijacks is much reduced. Therefore, we expect attackers to move to forged-origin hijacks and other emph{post-ROV attacks}; we present a new, powerful post-ROV attack, emph{spoofing}. We present extensive evaluations of different post-ROV defenses and attacks. Our results show that ASPA significantly protects against post-ROV attacks, even in partial adoption. It dramatically improves upon the use of only ROV or of BGPsec, Path-End, OTC, and EdgeFilter. BGP-iSec has even better protection but requires public-key operations to export/import announcements. We also present ASPAwN, an extension that further improves ASPA’s performance. Our results show that contrary to prior works [74], [95], ASPA is effective even when tier-1 ASes are not adopting, hence motivating ASPA adoption at edge and intermediate ASes. On the other hand, we find that against emph {accidental} route leaks, the simpler, standardized OTC mechanism is as effective as ASPA.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.