From the Consent of the Routed: Improving the Transparency of the RPKI: Ethan Heilman, BU.

Starts: 10:00 am on Monday, July 21, 2014
Ends: 11:30 am on Monday, July 21, 2014
Location: MCS 137

The Resource Public Key Infrastructure (RPKI) is a new infrastructure that prevents some of the most devastating attacks on interdomain routing. However, the security benefits provided by the RPKI are accomplished via an architecture that empowers centralized authorities to unilaterally revoke any IP addresses under their control, potentially taking these IP addresses offline. We propose mechanisms to improve the transparency of the RPKI, in order to mitigate the risk that it will be used for IP address takedowns. We propose modifying the RPKI's architecture so that (1) any revocation of IP address space requires the consent of all impacted parties, and (2) there are mechanisms that detect when misbehaving authorities fail to obtain consent. We present a security analysis of our architecture, estimate its overhead using data-driven analysis, and argue why the current status of the RPKI provides us with a unique window of opportunity to implement our proposal. Joint work with Danny Cooper, Sharon Goldberg and Leonid Reyzin.