Hardening the RPKI Against Faulty or Misbehaving Authorities
BUSEC: Boston University Security Group

Abstract: The RPKI is a new security infrastructure that relies on trusted authorities to prevent some of the most devastating attacks on interdomain routing. The threat model for the RPKI supposes that authorities are trusted and routing is under attack. This project considers the risks that arise when this threat model is flipped: when RPKI authorities are faulty, misconfigured, compromised, or compelled (e.g. by governments) to misbehave. We show how design decisions that elegantly address the vulnerabilities in the original threat model have unexpected side effects in this flipped threat model. We also propose new mechanisms to improve the transparency and robustness of the RPKI.

Our work (at HotNets'13) was awarded a 2014 IETF/IRTF Applied Networking Research Prize.


Selected Presentations:



This material is based upon work supported by the National Science Foundation under Grants 1017907, 1012798, 1350733, and 1012910, and a gift from Cisco. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.