Privacy Preserving and Resilient RPKI

Authors: Kris Shrishak and Haya Shulman
Published in: IEEE INFOCOM 2021 - IEEE Conference on Computer Communications
Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally take down IP prefixes - indeed, such attacks have been launched by nation-state adversaries. The threat of IP prefix takedowns is one of the factors hindering RPKI adoption. In this work, we propose the first distributed RPKI system, based on threshold signatures, that requires the coordination of a number of RIRs to make changes to…

Are We There Yet? On RPKI's Deployment and Security
It is shown that without almost ubiquitous ROV adoption by large ISPs significant security benefits cannot be attained, and potential reasons for scarce adoption of RPKI and ROV are examined, including human error in issuing RPKI certificates and inter-organization dependencies.
IPchain: Securing IP Prefix Allocation and Delegation with Blockchain
  • Jordi Paillisse, Miquel Ferriol, +8 authors A. Cabellos-Aparicio
  • Computer Science
  • 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
  • 2018
It is argued that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case and its performance and scalability.
Bamboozling Certificate Authorities with BGP
This paper performs the first real-world demonstration of BGP attacks to obtain bogus certificates from top CAs in an ethical manner and proposes and evaluates two countermeasures to secure the PKI: CAs verifying domains from multiple vantage points to make it harder to launch a successful attack.
Securing DNSSEC Keys via Threshold ECDSA From Generic MPC
This work shows how to use techniques from threshold ECDSA to protect keys such that domains do not reveal their signing keys to a DNS operator, and to protect the operational integrity of DNS operator.
On the risk of misbehaving RPKI authorities
It is shown how design decisions that elegantly address the vulnerabilities in the original threat model have unexpected side effects in this flipped threat model, and implications on the design of security architectures that are appropriate for the untrusted and error-prone Internet are suggested.
A Survey of BGP Security Issues and Solutions
This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security, exploring the limitations and advantages of proposed security extensions to BGP, and explaining why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
Securing BGP — A Literature Survey
The Internet's routing architecture and the design of BGP in particular is examined, and no proposal has been seen as offering a combination of adequate security functions, suitable performance overheads and deployable support infrastructure.
The RPKI Repository Delta Protocol (RRDP)
This document specifies a new RPKI Repository Delta Protocol (RRDP) for this purpose, which relies on an Update Notification File which lists the current Snapshot and Delta Files that can be retrieved using HTTPS, and it enables the use of Content Distribution Networks (CDNs) or other caching infrastructures for the retrieval of these files.
Secure distributed DNS
  • C. Cachin, A. Samar
  • Computer Science
  • International Conference on Dependable Systems and Networks, 2004
  • 2004
The design and implementation of a secure distributed name service on the level of a DNS zone is presented, able to provide fault tolerance and security even in the presence of a fraction of corrupted name servers, avoiding any single point of failure.
Negotiating DNSSEC Algorithms over Legacy Proxies
This work presents a DNSSEC-negotiation mechanism, allowing name-servers to send responses containing only the keys and signatures required by the requesting resolver, and shows significant security benefits from the use of the design, under realistic, rational adoption model.