Consent Routed

Title

From the Consent of the Routed: Improving the Transparency of the RPKI.

Speaker/Bio

Ethan is a PhD student in the Boston University Security Group (BUSec) of the Computer Science Dept. His research interests are: Network security, crypto currencies, hash function cryptanalysis and side channel attacks. His most recent projects have been related to internet routing and Bitcoin.

Abstract

The Resource Public Key Infrastructure (RPKI) is a new infrastructure that prevents some of the most devastating attacks on interdomain routing. However, the security benefits provided by the RPKI are accomplished via an architecture that empowers centralized authorities to unilaterally revoke any IP prefixes under their control. We propose mechanisms to improve the transparency of the RPKI, in order to mitigate the risk that it will be used for IP address takedowns. First, we present tools that detect and visualize changes to the RPKI that can potentially take down an IP prefix. We use our tools to identify errors and revocations in the production RPKI. Next, we propose modifications to the RPKI\x92s architecture to (1) require any revocation of IP address space to receive consent from all impacted parties, and (2) detect when misbehaving authorities fail to obtain consent. We present a security analysis of our architecture, and estimate its overhead using data-driven analysis.