When BGP Security Meets Content Deployment: Measuring and Analysing RPKI-Protection of Websites

Web content delivery is one of the most important services on the Internet. A secure access to websites is typically granted via SSL. However, traffic hijacking on the network layer may break this security model and makes additional protective mechanisms necessary. This paper presents a first quantitative analysis of the protection of web servers by RPKI, a recently deployed Resource Public Key Infrastructure to prevent hijacking in the Internet backbone. We introduce an initial methodology that accounts for distributed content deployment and shall enable the content owners to estimate and improve the security of the web ecosystem. For a current snapshot, we find that less popular websites are more likely to be secured than the prominent sites. Popular websites significantly rely on CDNs, which did not start to secure their IP prefixes. Whenever CDN-content is protected by RPKI, it is located in third party ISP networks. This hesitant deployment is the likely cause why popular content experiences re-