Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally takedown IP prefixes - indeed, such attacks have been launched by nation-state adversaries. The threat of IP prefix takedowns is one of the factors hindering RPKI adoption. In this work, we propose the first distributed RPKI system, based on threshold signatures, that requires the coordination of a number of RIRs to make changes to RPKI objects; hence, preventing unilateral prefix takedown. We perform extensive evaluations using our implementation demonstrating the practicality of our solution. Furthermore, we show that our system is scalable and remains efficient even when RPKI is widely deployed.
翻译:公共钥匙基础设施(RPKI)对内部线路安全至关重要,然而,RPKI使区域互联网登记处能够单方面收回IP前置装置,事实上,这种攻击是由民族国家对手发动的。IP前置装置拆除的威胁是阻碍RPKI收养的因素之一。在这项工作中,我们提议了第一个基于门槛签名的分布式RPKI系统,这需要一些RKI系统进行协调,以对RPKI物体进行修改;因此,防止单方面前置装置拆除。我们利用我们的实施来进行广泛的评估,以证明我们的解决办法的实用性。此外,我们表明我们的系统是可扩展的,即使在RPKI广泛部署时,仍然有效。
相关内容
- Today (iOS and OS X): widgets for the Today view of Notification Center
- Share (iOS and OS X): post content to web services or share content with others
- Actions (iOS and OS X): app extensions to view or manipulate inside another app
- Photo Editing (iOS): edit a photo or video in Apple's Photos app with extensions from a third-party apps
- Finder Sync (OS X): remote file storage in the Finder with support for Finder content annotation
- Storage Provider (iOS): an interface between files inside an app and other apps on a user's device
- Custom Keyboard (iOS): system-wide alternative keyboards
Source: iOS 8 Extensions: Apple’s Plan for a Powerful App Ecosystem
微信扫码咨询专知VIP会员