Key Concepts
A Byzantine-secure relying party implementation, called BRP, that uses consensus among multiple relying party instances to provide a resilient and secure RPKI validation service.
Summary
The paper proposes BRP, a Byzantine-secure relying party (RP) implementation for the Resource Public Key Infrastructure (RPKI) system. RPKI is a crucial mechanism for securing the Border Gateway Protocol (BGP) by binding IP address blocks to their legitimate owners. However, the current RPKI deployment faces several challenges, including failures and vulnerabilities in the RP software, which can disable RPKI validation and expose the network to BGP prefix hijacks.
To address these issues, the authors develop BRP, which uses a centralized setup with multiple RP instances that run a Byzantine agreement protocol to reach consensus on RPKI objects. BRP achieves good synchronization even against strong adversaries that can attack, corrupt or control some of the RPs. The key aspects of BRP's design include:
- Synchronizing the VRP (Validated ROA Payload) output layer instead of the RPKI object cache, to avoid introducing new errors by breaking dependencies.
- Using a threshold vote to aggregate the skiplist (of problematic publication points) and VRPs across the RP instances, ensuring consistency and resilience against benign failures and Byzantine behavior.
- Monitoring the RP instances to detect and blacklist publication points that trigger crashes or stalling attacks, ensuring availability of the VRP output.
- Providing an intermediate RPKI validation service that is fully backward compatible and can be deployed as a decentralized network of volunteer RPs or as a centralized service, without requiring any changes to the existing RPKI infrastructure or border routers.
The authors analyze the security of BRP and demonstrate through simulations and experimental evaluations that it outperforms existing RP implementations in terms of resilience, security and performance. BRP can protect many networks transparently, facilitating wider adoption of RPKI and Route Origin Validation (ROV).
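The threshold vote over the skiplist and the VRP output can be sketched as follows. This is an added illustration, not code from the paper or from BRP: the function names, the `(prefix, maxLength, ASN)` tuple layout, the `f + 1` vote threshold and the `n >= 3f + 1` bound are assumptions, and the sample data is constructed from documentation-range values.

```python
import ipaddress
from collections import Counter

def normalize_vrp(prefix, max_length, asn):
    """Canonical (prefix, maxLength, ASN) so equal payloads vote together."""
    net = ipaddress.ip_network(prefix, strict=True)
    if not net.prefixlen <= int(max_length) <= net.max_prefixlen:
        raise ValueError("maxLength outside the prefix's valid range")
    return (str(net), int(max_length), int(asn))

def threshold_vote(reports, threshold):
    """Keep items reported by at least `threshold` distinct instances."""
    counts = Counter()
    for items in reports.values():
        counts.update(set(items))  # one vote per instance per item
    return {item for item, votes in counts.items() if votes >= threshold}

def aggregate(outputs, f):
    """outputs: name -> None (crashed or stalled) or a dict with "vrps" and
    "skiplist". f is the assumed maximum number of faulty instances."""
    if len(outputs) < 3 * f + 1:
        raise ValueError("assumed bound n >= 3f + 1 not met")
    threshold = f + 1  # assumption: f+1 votes include at least one honest RP
    vrps, skips = {}, {}
    for name, out in outputs.items():
        if out is None:
            continue  # no output this round, so no votes
        vrps[name] = []
        for raw in out["vrps"]:
            try:
                vrps[name].append(normalize_vrp(*raw))
            except (ValueError, TypeError):
                pass  # malformed entry casts no vote
        skips[name] = out["skiplist"]
    return threshold_vote(vrps, threshold), threshold_vote(skips, threshold)

# Constructed sample: documentation prefixes, ASNs and hostnames only.
HONEST = {"vrps": [("192.0.2.0/24", 24, 64496), ("2001:db8::/32", 48, 64497)],
          "skiplist": ["rsync://stalling.example/repo/"]}
SAMPLE = {
    "rp1": HONEST,
    "rp2": {"vrps": [("192.0.2.0/24", 24, 64496), ("2001:DB8::/32", 48, 64497)],
            "skiplist": ["rsync://stalling.example/repo/"]},
    "rp3": HONEST,
    "rp4": {"vrps": [("192.0.2.0/24", 24, 64511), ("203.0.113.7/24", 24, 64496)],
            "skiplist": ["rsync://healthy.example/repo/"]},  # faulty instance
}

if __name__ == "__main__":
    agreed_vrps, agreed_skiplist = aggregate(SAMPLE, f=1)
    print(sorted(agreed_vrps), sorted(agreed_skiplist))
```

The single faulty instance can neither inject its wrong-origin VRP nor push a healthy publication point onto the agreed skiplist, and a crashed instance simply contributes no votes.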
Statistics
The paper reports the following key statistics:
- Almost 50% of all Internet prefixes are covered with ROAs (Route Origin Authorizations), but only 12.3% to 30% of networks enforce ROV (Route Origin Validation).
- 4.6% to 12.5% of RPKI repositories exhibit chronic availability issues.
- Over 5.6K unique RPs are competing for access to the RPKI repositories.
Quotes
"RPKI was standardized more than a decade ago, in 2011, but despite its significance, RPKI's deployment is discouragingly slow."
"Even the fairly few adopters are not necessarily secure. A security mechanism, whose protection can be removed, e.g., by creating a load on the RPKI repositories - a completely realistic and practical attack - creates a false sense of security, leading, in fact, to a less secure Internet."
"As the adoption of RPKI proceeds, any inconsistency, vulnerability, or misconfiguration in RPKI will have a greater impact on the Internet stability, since increasingly more networks may be affected."