Privacy Preserving and Resilient RPKI
Kris Shrishak, Haya Shulman

TL;DR
This paper introduces a distributed RPKI system using threshold signatures to prevent unilateral IP prefix takedowns, enhancing security and resilience in inter-domain routing.
Contribution
It presents the first distributed RPKI system based on threshold signatures that requires multiple RIRs to coordinate changes, preventing unilateral attacks.
Findings
System is practical and scalable.
Efficient even with widespread deployment.
Prevents unilateral prefix takedowns.
Abstract
Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally take down IP prefixes; indeed, such attacks have been launched by nation-state adversaries. The threat of IP prefix takedowns is one of the factors hindering RPKI adoption. In this work, we propose the first distributed RPKI system, based on threshold signatures, that requires the coordination of a number of RIRs to make changes to RPKI objects, hence preventing unilateral prefix takedown. We perform extensive evaluations using our implementation, demonstrating the practicality of our solution. Furthermore, we show that our system is scalable and remains efficient even when RPKI is widely deployed.
