Validation Algorithms for a Secure Internet Routing PKI

  • David Montana
  • Mark Reynolds
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5057)

Abstract

A PKI in support of secure Internet routing was first proposed in [1] and refined in later papers, e.g., [2]. In this “Resource” PKI (RPKI) the resources managed are IP address allocations and Autonomous System number assignments. In a typical PKI the validation problem for each relying party is fairly simple in principle, and is well defined in the standards, e.g. RFC 3280 [3]. The RPKI presents a very different challenge for relying parties with regard to efficient certificate validation. In the RPKI every relying party needs to validate every certificate at fairly frequent intervals (e.g., daily). In addition, certificates on the validation path may be acquired from multiple repositories in an arbitrary order. These dramatic differences motivated us to develop performance-optimized validation algorithms for the RPKI. This paper describes the software developed by BBN for the RPKI, with a special focus on this optimized validation approach.

Keywords

Border Gateway Protocol Resource PKI Internet Routing PKI Route Origination Attestation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Kent, S., Lynn, C., Seo, K.: Design and Analysis of the Secure Border Gateway Protocol (S-BGP). In: IEEE DISCEX Conference (2000)Google Scholar
  2. 2.
    Kent, S.: An Infrastructure Supporting Secure Internet Routing. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 116–129. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure - Certificate and Certificate Revocation List (CRL) Profile. RFC3280 (2002)Google Scholar
  4. 4.
    Rekhter, Y., Li, T.: A Border Gateway Protocol (BGP). RFC4271 (2006)Google Scholar
  5. 5.
    Murphy, S.: BGP Security Vulnerability Analysis. RFC4272 (2006)Google Scholar
  6. 6.
    Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18(4), 582–592 (2000)CrossRefGoogle Scholar
  7. 7.
    Goodell, G., Aiello, W., Griffin, T., Ioannidis, J., McDaniel, P., Rubin, A.: Working Around BGP: An Incremental Approach to Improving Security and Accuracy for Interdomain Routing. In: Network and Distributed System Security Symposium, pp. 73–85 (2003)Google Scholar
  8. 8.
    Hu, Y.-C., Perrig, A., Johnson, D.: Efficient Security Mechanisms for Routing Protocols. In: Network and Distributed System Security Symposium, pp. 57–73 (2003)Google Scholar
  9. 9.
    Wan, T., Kranakis, E., van Oorschot, P.C.: Pretty Secure BGP (psBGP). In: Network and Distributed System Security Symposium (2005)Google Scholar
  10. 10.
    Kent, S.: Securing BGP: S-BGP. The Internet Protocol Journal 6(3), 2–14 (2003)Google Scholar
  11. 11.
    White, R.: Securing BGP: soBGP. The Internet Protocol Journal 6(3), 15–22 (2003)Google Scholar
  12. 12.
    Housley, R., Polk, T.: Planning for PKI. Wiley Computer Publishers, Chichester (2001)Google Scholar
  13. 13.
    Opplinger, R.: Secure Messaging with PGP and S/MIME. Artech House Publishers (2000)Google Scholar
  14. 14.
  15. 15.
  16. 16.
  17. 17.
  18. 18.
    draft-ietf-sidr-arch-01.txt, http://ietfreport.isoc.org
  19. 19.
  20. 20.
  21. 21.
  22. 22.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • David Montana
    • 1
  • Mark Reynolds
    • 1
  1. 1.BBN TechnologiesCambridgeUSA

Personalised recommendations