Byzantine-Secure Relying Party for Resilient RPKI
arxiv(2024)
摘要
To protect against prefix hijacks, Resource Public Key Infrastructure (RPKI)
has been standardized. To enjoy the security guarantees of RPKI validation,
networks need to install a new component, the relying party validator, which
fetches and validates RPKI objects and provides them to border routers.
However, recent work shows that relying parties experience failures when
retrieving RPKI objects and are vulnerable to attacks, all of which can disable
RPKI validation. Therefore even the few adopters are not necessarily secure.
We make the first proposal that significantly improves the resilience and
security of RPKI. We develop BRP, a Byzantine-Secure relying party
implementation. In BRP the relying party nodes redundantly validate RPKI
objects and reach a global consensus through voting. BRP provides an RPKI
equivalent of public DNS, removing the need for networks to install, operate,
and upgrade their own relying party instances while avoiding the need to trust
operators of BRP nodes.
We show through simulations and experiments that BRP, as an intermediate RPKI
service, results in less load on RPKI publication points and a robust output
despite RPKI repository failures, jitter, and attacks. We engineer BRP to be
fully backward compatible and readily deployable - it does not require any
changes to the border routers and the RPKI repositories.
We demonstrate that BRP can protect many networks transparently, with either
a decentralized or centralized deployment. BRP can be set up as a network of
decentralized volunteer deployments, similarly to NTP and TOR, where different
operators participate in the peering process with their node, and provide
resilient and secure relying party validation to the Internet. BRP can also be
hosted by a single operator as a centralized service, e.g., on one cloud or
CDN, and provides RPKI validation benefits even when hosted on a single
network.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要