A Reproduction of “Jumpstarting BGP Security with Path-End Validation”
In this paper, we reproduce the results of the path-end validation paper by simulating route advertisement across the BGP system under varying degrees of path-end validation deployment and with various route acceptance criteria. While the attacker success metrics we find are smaller in the absolute sense than those presented in the path-end validation paper, the relative success of different BGP security schemes in partial deployment is preserved. We then attempt to recreate the path-end validation paper’s results with data from real-world attacks, finding an improvement from path-end validation which, while not as dramatic as that claimed by the
original authors, supports the idea that path-end validation can significantly decrease an attacker’s success rate even in very limited deployment.