EOAP: An Efficient Origin Authentication Protocol for Preventing Origin AS Confilict(OASC) Events in BGP

In BGP, an IP prefix may be announced by an illegitimate origin AS, leading to the conflict with the legitimate origin AS, in the paper which is referred to as origin as conflict (OASC) event. OASC event results in the widespread subversion of Internet connectivity. For verifying the propriety of IP prefix origination, the paper proposes a novel origin verification mechanism, namely the efficient origin authentication protocol (EOAP), which adopts a simpler and more feasible PKI to issue public key certificate to each AS through the existing Internet AS number assignment chain, and introduces a digital signature issued by AS, named prefix attestation, to bind IP prefix and it´s origin AS. Compared with current BGP origin verification mechanisms, EOAP verifies route withdrawal message, supports route aggregation and incremental deployments, and needs the smallest memory. EOAP will be more easily implemented and deployed across Internet.