Background: The inter-domain routing security is often based on trust, which, as seen in
practice, is an insufficient approach. Due to the deficit of native security controls in the …

Securing internet applications from routing attacks Page 1 86 COMMUNICATIONS OF THE
ACM | JUNE 2021 | VOL. 64 | NO. 6 review articles THE INTERNET IS a “network of …

Despite its critical role in Internet connectivity, the Border Gateway Protocol (BGP) remains
highly vulnerable to attacks such as prefix hijacking, where an Autonomous System (AS) …

BGP prefix hijacking is a threat to Internet operators and users. Several mechanisms or
modifications to BGP that protect the Internet against it have been proposed. However, the …

The Resource Public Key Infrastructure (RPKI) is a system to add security to the Internet
routing. In recent years, the publication of Route Origin Authorization (ROA) objects, which …

Relying party validator is a critical component of RPKI: it fetches and validates signed
authorizations mapping prefixes to their owners. Routers use this information to block bogus …

We demonstrate the first downgrade attacks against RPKI. The key design property in RPKI
that allows our attacks is the tradeoff between connectivity and security: when networks …

Best practices for making RPKI resilient to failures and attacks recommend using multiple
URLs and certificates for publication points as well as multiple relying parties. We find that …

Internet routing research has long been hindered by obstacles to executing the wide class of
experiments necessary to characterize problems and opportunities, and evaluate candidate …

Reproducibility is one of the key characteristics of good science, but hard to achieve for
experimental disciplines like Internet measurements and networked systems. This guide …