The internet public key infrastructure
IBM Systems Journal - End-to-end security
How secure are secure interdomain routing protocols
Proceedings of the ACM SIGCOMM 2010 conference
Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace
Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace
Certified lies: detecting and defeating government interception attacks against SSL (short paper)
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Towards detecting BGP route hijacking using the RPKI
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
BGP security in partial deployment: is the juice worth the squeeze?
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
| Hi-index | 0.00 |
The RPKI is a new security infrastructure that relies on trusted authorities to prevent some of the most devastating attacks on interdomain routing. The threat model for the RPKI supposes that authorities are trusted and routing is under attack. Here we discuss the risks that arise when this threat model is flipped: when RPKI authorities are faulty, misconfigured, compromised, or compelled to misbehave. We show how design decisions that elegantly address the vulnerabilities in the original threat model have unexpected side effects in this flipped threat model. In particular, we show new targeted attacks that allow RPKI authorities, under certain conditions, to limit access to IP prefixes, and discuss the risk that transient RPKI faults can take IP prefixes offline. Our results suggest promising directions for future research, and have implications on the design of security architectures that are appropriate for the untrusted and error-prone Internet.