Paper 2021/125

Privacy Preserving and Resilient RPKI

Kris Shrishak and Haya Shulman

Abstract

Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally takedown IP prefixes - indeed, such attacks have been launched by nation-state adversaries. The threat of IP prefix takedowns is one of the factors hindering RPKI adoption. In this work, we propose the first distributed RPKI system, based on threshold signatures, that requires the coordination of a number of RIRs to make changes to RPKI objects; hence, preventing unilateral prefix takedown. We perform extensive evaluations using our implementation demonstrating the practicality of our solution. Furthermore, we show that our system is scalable and remains efficient even when RPKI is widely deployed.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision. INFOCOM 2021
Keywords
threshold cryptographysecret sharingRPKI
Contact author(s)
kris shrishak @ sit tu-darmstadt de
History
2021-02-05: received
Short URL
https://ia.cr/2021/125
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/125,
      author = {Kris Shrishak and Haya Shulman},
      title = {Privacy Preserving and Resilient {RPKI}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/125},
      year = {2021},
      url = {https://eprint.iacr.org/2021/125}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.