ABSTRACT
Although Resource Public Key Infrastructure (RPKI) is critical for securing the inter-domain routing, one of the arguments hindering its adoption is the significant power that it provides to the Regional Internet Registries (RIRs), allowing prefix takedowns. In this work, we propose a small change to RPKI to distribute the power of RIRs preventing any single one of them from taking down a prefix. We design and implement a distributed RPKI system that relies on threshold signatures. This ensures that any change to the RPKI certificates requires a joint action by a number of RIRs, avoiding unilateral IP address takedowns. We evaluate the performance of our design and use historic RPKI data to analyse its performance and efficiency.
- Donald Beaver. Efficient multiparty protocols using circuit randomization. In CRYPTO, volume 576 of Lecture Notes in Computer Science, pages 420--432. Springer, 1991.Google ScholarDigital Library
- Tim Bruijnzeels, Oleg Muravskiy, Bryan Weber, and Rob Austein. The RPKI repository delta protocol (RRDP). RFC, 8182:1--24, 2017.Google Scholar
- Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In FOCS, pages 136--145. IEEE Computer Society, 2001.Google ScholarDigital Library
- Ben Cartwright-Cox. The State of RPKI: Q4 2018, 20 December 2019. https://blog.benjojo.co.uk/post/state-of-rpki-in-2018.Google Scholar
- Avichai Cohen, Yossi Gilad, Amir Herzberg, and Michael Schapira. One hop for RPKI, one giant leap for BGP security. In HotNets, pages 10:1--10:7. ACM, 2015.Google ScholarDigital Library
- Danny Cooper, Ethan Heilman, Kyle Brogle, Leonid Reyzin, and Sharon Goldberg. On the risk of misbehaving RPKI authorities. In HotNets, pages 16:1--16:7. ACM, 2013.Google ScholarDigital Library
- David Cooper, Stefan Santesson, Stephen Farrell, Sharon Boeyen, Russell Housley, and W. Timothy Polk. Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. RFC, 5280:1--151, 2008.Google Scholar
- Anders P. K. Dalskov, Marcel Keller, Claudio Orlandi, Kris Shrishak, and Haya Shulman. Securing DNSSEC keys via threshold ECDSA from generic MPC. IACR Cryptology ePrint Archive, 2019:889, 2019.Google Scholar
- Data61. MP-SPDZ - Versatile framework for multi-party computation, 7 June 2019. https://github.com/data61/MP-SPDZ.Google Scholar
- Yossi Gilad, Avichai Cohen, Amir Herzberg, Michael Schapira, and Haya Shulman. Are We There Yet? On RPKI's Deployment and Security. In NDSS, 2017.Google ScholarCross Ref
- Adiseshu Hari and T. V. Lakshman. The internet blockchain: A distributed, tamper-resistant transaction framework for the internet. In HotNets, pages 204--210. ACM, 2016.Google ScholarDigital Library
- Ethan Heilman, Danny Cooper, Leonid Reyzin, and Sharon Goldberg. From the consent of the routed: improving the transparency of the RPKI. In SIGCOMM, pages 51--62. ACM, 2014.Google ScholarDigital Library
- Tomas Hlavacek, Italo Cunha, Yossi Gilad, Amir Herzberg, Ethan Katz-Bassett, Michael Schapira, and Haya Shulman. Disco: Sidestepping rpki's deployment barriers. In NDSS. The Internet Society, 2020.Google ScholarCross Ref
- Tomas Hlavacek, Amir Herzberg, Haya Shulman, and Michael Waidner. Practical experience: Methodologies for measuring route origin validation. In DSN, pages 634--641. IEEE Computer Society, 2018.Google Scholar
- ICANN. ICANN Tells U.S. Court That ccTLDs Are Not "Property" | Files Motion to Quash in U.S. Legal Action Aimed at Seizing Top-Level Domains, 30 July 2014. https://www.icann.org/resources/press-material/release-2014-07-30-en.Google Scholar
- Jonathan Katz, Ueli Maurer, Björn Tackmann, and Vassilis Zikas. Universally composable synchronous computation. In TCC, volume 7785 of Lecture Notes in Computer Science, pages 477--498. Springer, 2013.Google Scholar
- Matt Lepinski and Stephen T. Kent. An infrastructure to support secure internet routing. RFC, 6480:1--24, 2012.Google Scholar
- Yaping Liu, Shuo Zhang, Qingyuan Li, and Sufang. Requirement for the transparency of RPKI, 5 November 2019. Work in Progress.Google Scholar
- M. Mueller, M. van Eeten, and B. Kuerbis. In important case, ripe-ncc seeks legal clarity on how it responds to foreign court orders, 23 November 2011. https://www.internetgovernance.org/2011/11/23/in-important-case-ripe-ncc-seeks-legal-clarity-on-how-it-responds-to-foreign-court-orders/.Google Scholar
- NRO. Handling requests for information by law enforcement authorities, 2018. https://www.nro.net/accountability/rir-accountability/rir-governance-matrix/#lawenforcement.Google Scholar
- Jordi Paillisse, Miquel Ferriol, Eric Garcia, Hamid Latif, Carlos Piris, Albert Lopez-Bresco, Brenden Kuerbis, Alberto Rodríguez-Natal, Vina Ermagan, Fabio Maino, and Albert Cabellos. Ipchain: Securing IP prefix allocation and delegation with blockchain. In iThings/GreenCom/CPSCom/SmartData, pages 1236--1243. IEEE, 2018.Google Scholar
- Andreas Reuter, Randy Bush, Ítalo Cunha, Ethan Katz-Bassett, Thomas C. Schmidt, and Matthias Wählisch. Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering. ACM SIGCOMM Computer Communication Review, 48(1):19--27, January 2018.Google ScholarDigital Library
- RIPE NCC. The RIPE NCC's Case Against the State of the Netherlands Dismissed, 14 February 2013. https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/ripe-nccs-case-against-the-state-of-the-netherlands-dismissed.Google Scholar
- RIPE NCC. RIPE NCC Blocks Registration in RIPE Registry Following Order from Dutch Police, 9 November 2011. https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/ripe-ncc-blocks-registration-in-ripe-registry-following-order-from-dutch-police.Google Scholar
- Muhammad Saad, Afsah Anwar, Ashar Ahmad, Hisham Alasmary, Murat Yuksel, and Aziz Mohaisen. Routechain: Towards blockchain-based secure and efficient BGP routing. In IEEE ICBC, pages 210--218. IEEE, 2019.Google ScholarCross Ref
- Mark Tinka. RPKI ROV & Dropping of Invalids - Africa, 09 April 2019. https://www.mail-archive.com/[email protected]/msg00796.html.Google Scholar
- Christopher S Yoo and David A Wishnick. Lowering legal barriers to rpki adoption. U of Penn Law School, Public Law Research Paper, (19--02), 2019.Google Scholar
Index Terms
- Limiting the Power of RPKI Authorities
Recommendations
Behind the Scenes of RPKI
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications SecurityBest practices for making RPKI resilient to failures and attacks recommend using multiple URLs and certificates for publication points as well as multiple relying parties. We find that these recommendations are already supported by 63% of the ASes with ...
On the risk of misbehaving RPKI authorities
HotNets-XII: Proceedings of the Twelfth ACM Workshop on Hot Topics in NetworksThe RPKI is a new security infrastructure that relies on trusted authorities to prevent some of the most devastating attacks on interdomain routing. The threat model for the RPKI supposes that authorities are trusted and routing is under attack. Here we ...
RPKI is Coming of Age: A Longitudinal Study of RPKI Deployment and Invalid Route Origins
IMC '19: Proceedings of the Internet Measurement ConferenceDespite its critical role in Internet connectivity, the Border Gateway Protocol (BGP) remains highly vulnerable to attacks such as prefix hijacking, where an Autonomous System (AS) announces routes for IP space it does not control. To address this issue,...
Comments