Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering

A proposal to improve routing security---Route Origin Authorization (ROA)---has been standardized. A ROA specifies which network is allowed to announce a set of Internet destinations. While some networks now specify ROAs, little is known about whether other networks check routes they receive against these ROAs, a process known as Route Origin Validation (ROV). Which networks blindly accept invalid routes? Which reject them outright? Which de-preference them if alternatives exist? Recent analysis attempts to use uncontrolled experiments to characterize ROV adoption by comparing valid routes and invalid routes. However, we argue that gaining a solid understanding of ROV adoption is impossible using currently available data sets and techniques. Our measurements suggest that, although some ISPs are not observed using invalid routes in uncontrolled experiments, they are actually using different routes for (non-security) traffic engineering purposes, without performing ROV. We conclude with a description of a controlled, verifiable methodology for measuring ROV and present three ASes that do implement ROV, confirmed by operators

The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire

The vulnerability of the Internet has been demonstrated by prominent IP prefix hijacking events. Major outages such as the China Telecom incident in 2010 stimulate speculations about malicious intentions behind such anomalies. Surprisingly, almost all discussions in the current literature assume that hijacking incidents are enabled by the lack of security mechanisms in the inter-domain routing protocol BGP. In this paper, we discuss an attacker model that accounts for the hijacking of network ownership information stored in Regional Internet Registry (RIR) databases. We show that such threats emerge from abandoned Internet resources (e.g., IP address blocks, AS numbers). When DNS names expire, attackers gain the opportunity to take resource ownership by re-registering domain names that are referenced by corresponding RIR database objects. We argue that this kind of attack is more attractive than conventional hijacking, since the attacker can act in full anonymity on behalf of a victim. Despite corresponding incidents have been observed in the past, current detection techniques are not qualified to deal with these attacks. We show that they are feasible with very little effort, and analyze the risk potential of abandoned Internet resources for the European service region: our findings reveal that currently 73 /24 IP prefixes and 7 ASes are vulnerable to be stealthily abused. We discuss countermeasures and outline research directions towards preventive solutions.Comment: Final version for TMA 201

The use of maxLength in the RPKI

This document recommends that operators avoid using the maxLength attribute when issuing Route Origin Authorizations (ROAs) in the Resource Public Key Infrastructure (RPKI). These recommendations complement those in [RFC7115].https://datatracker.ietf.org/doc/draft-yossigi-rpkimaxlen/First author draf

MaxLength considered harmful to the RPKI

User convenience and strong security are often at odds, and most security applications need to find some sort of balance between these two (often opposing) goals. The Resource Public Key Infrastructure (RPKI), a security infrastructure built on top of interdomain routing, is not immune to this issue. The RPKI uses the maxLength attribute to reduce the amount of information that must be explicitly recorded in its cryptographic objects. MaxLength also allows operators to easily reconfigure their networks without modifying their RPKI objects. Our network measurements, however, suggest that the maxLength attribute strikes the wrong balance between security and user convenience. We therefore believe that operators should avoid using maxLength. We give operational recommendations and develop software that allow operators to reap many of the benefits of maxLength without its security costs.https://eprint.iacr.org/2016/1015.pdfhttps://eprint.iacr.org/2016/1015.pdfPublished versio

An ancestry informative marker set for determining continental origin: validation and extension using human genome diversity panels

<p>Abstract</p> <p>Background</p> <p>Case-control genetic studies of complex human diseases can be confounded by population stratification. This issue can be addressed using panels of ancestry informative markers (AIMs) that can provide substantial population substructure information. Previously, we described a panel of 128 SNP AIMs that were designed as a tool for ascertaining the origins of subjects from Europe, Sub-Saharan Africa, Americas, and East Asia.</p> <p>Results</p> <p>In this study, genotypes from Human Genome Diversity Panel populations were used to further evaluate a 93 SNP AIM panel, a subset of the 128 AIMS set, for distinguishing continental origins. Using both model-based and relatively model-independent methods, we here confirm the ability of this AIM set to distinguish diverse population groups that were not previously evaluated. This study included multiple population groups from Oceana, South Asia, East Asia, Sub-Saharan Africa, North and South America, and Europe. In addition, the 93 AIM set provides population substructure information that can, for example, distinguish Arab and Ashkenazi from Northern European population groups and Pygmy from other Sub-Saharan African population groups.</p> <p>Conclusion</p> <p>These data provide additional support for using the 93 AIM set to efficiently identify continental subject groups for genetic studies, to identify study population outliers, and to control for admixture in association studies.</p

How to Use Fewer Markers in Admixture Studies

Swiss Fleckvieh has been established from 1970 as a composite of Simmental and Red Holstein Friesian cattle. Breed composition is currently reported based on pedigree information. Information on ancestry informative molecular markers potentially provides more accurate information. For the analysis Illumina Bovine SNP50 Beadchip data for 495 bulls were used. Markers were selected based on difference in allele frequencies in the pure populations, using FST as an indicator. Performance of sets with decreasing number of markers was compared. The scope of the study was to see how much we can reduce the number of markers based on FST to get a reliability that is close to that with the full set of markers. On these sets of markers hidden Markov models (HMM) and methods used in genomic selection (BayesB, partial least squares regression, LASSO variable selection) were applied. Correlations of admixture levels were estimated and compared with admixture levels based on pedigree information. FST chosen SNP gave very high correlations with pedigree based admixture. Only when using 96 and 48 SNP with the highest FST, correlations dropped to 0.92 and 0.90, respectively

Evaluation of the Deployment Status of RPKI and Route Filtering

The Border Gateway Protocol (BGP) is an essential infrastructure element, often termed “the glue that keeps the Internet together”. Even in its current version 4 , BGP misses essential security mechanisms that would allow to validate routing information distributed through BGP in terms of its authenticity and integrity. While mechanisms like BGPsec have been proposed many years ago, so far they have not found widespread adoption and many experts believe they never will due to their inherent complexity. To ensure a minimal level of protection, most Internet service providers (ISPs) rely on heuristic filtering of routing information advertised from neighboring autonomous systems (AS). One approach is called Path Origin Validation where an ISP tries to verify whether the AS advertising a certain IP prefix is actually the legitimate owner of this prefix

Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking

Information-centric networking proposals attract much attention in the ongoing search for a future communication paradigm of the Internet. Replacing the host-to-host connectivity by a data-oriented publish/subscribe service eases content distribution and authentication by concept, while eliminating threats from unwanted traffic at an end host as are common in today's Internet. However, current approaches to content routing heavily rely on data-driven protocol events and thereby introduce a strong coupling of the control to the data plane in the underlying routing infrastructure. In this paper, threats to the stability and security of the content distribution system are analyzed in theory and practical experiments. We derive relations between state resources and the performance of routers and demonstrate how this coupling can be misused in practice. We discuss new attack vectors present in its current state of development, as well as possibilities and limitations to mitigate them.Comment: 15 page