Secure and Scalable Deployment of Resource Public Key Infrastructure (RPKI) – Journal of Internet Services and Information Security

Volume 8 - Issue 1

Secure and Scalable Deployment of Resource Public Key Infrastructure (RPKI)

Zhiwei Yan China Internet Network Information Center, Beijing, 100190, P. R. China
yan@cnnic.cn
Guanggang Geng China Internet Network Information Center, Beijing, 100190, P. R. China
gengguanggang@cnnic.cn
Hidenori Nakazato Waseda University, Tokyo, 169-8555, Japan
nakazato@waseda.jp
Yong-Jin Park University of Malaysia Sabah, Sabah, 88400, Malaysia
yjpark@ums.edu.my

DOI: 10.22667/JISIS.2018.02.28.031

Keywords: BGP, RPKI, BGPsec, Route origination, CA-Safeguard

Abstract

The Border Gateway Protocol (BGP) is considered to be vulnerable to some typical security risks due to its lack of schemes to verify the received BGP messages. To address BGP security issues, Internet Engineering Task Force (IETF) proposed RPKI to verify the route origination contained in the BGP message. Currently, the standardization of basic RPKI protocol have been finished. Some organizations have deployed RPKI services and some are under the process for that. However, RPKI faces additional threats during the actual deployment especially the malfunctioning of the Certification Authority (CA) when it issues certificates bound to the resources. We analyze the threats to RPKI from the perspective of its large-scale deployment and then focus on the CA operation with empirical tests. We propose a comprehensive CA-Safeguard scheme in order to support the secure and scalable deployment of RPKI in the near future1.

Date

February 2018

Page Number

31-45