Cryptology ePrint Archive: Report 2021/125

Privacy Preserving and Resilient RPKI

Kris Shrishak and Haya Shulman

Abstract: Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally takedown IP prefixes - indeed, such attacks have been launched by nation-state adversaries. The threat of IP prefix takedowns is one of the factors hindering RPKI adoption.

In this work, we propose the first distributed RPKI system, based on threshold signatures, that requires the coordination of a number of RIRs to make changes to RPKI objects; hence, preventing unilateral prefix takedown. We perform extensive evaluations using our implementation demonstrating the practicality of our solution. Furthermore, we show that our system is scalable and remains efficient even when RPKI is widely deployed.

Category / Keywords: applications / threshold cryptography, secret sharing, RPKI

Original Publication (with minor differences): INFOCOM 2021

Date: received 4 Feb 2021

Contact author: kris shrishak at sit tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Version: 20210205:123657 (All versions of this report)

Short URL: ia.cr/2021/125


[ Cryptology ePrint archive ]