Resource Public Key Infrastructure (RPKI)

RPKI Components

Key Infrastructure Component | RPKI Component | Description

certificates | Route Origin Authorization (ROA)

  • signed document mapping a certain network-prefix to a specific AS
  • is a cryptographically signed object that states which Autonomous System (AS) is authorized to originate a certain prefix

certificate authorities | Trusted Anchors (TA) aka Regional Internet Registry (RIR)

  • is an organization that manages the allocation and registration of Internet number resources within a region of the world. Internet number resources include IP addresses and Autonomous System Numbers (ASN)
  • presently the five RIRs (AFRINIC, APNIC, ARIN, LACNIC & RIPE) provide a method for members to take an IP/ASN pair and sign a ROA record.

certificate repository | Internet Routing Registry (IRR)

  • (aka ROA database) is a database of IRR route objects for determining and sharing route and related information used for configuring routers, with a view to avoiding problematic issues between Internet service providers

certificate revocation mechanisms | NONE | NONE

RPKI Pros and Challenges

pros:

  • offline crypto to verify ROA chains
  • use a whitelist to filter hijacked BGP routes
  • more effective than prefix filtering
    • prefix filtering is on customer prefixes, RPKI is on neighbors
  • more incentives to avoid prefixes being hijacked

challenges:

  • can be misconfigured
  • issues related to partial deployment of Route Origin Validation (ROV)
  • can be circumvented
    • route leaks
    • path alteration/shortening attacks

RPKI Deployment Challenges

ASPATH Manipulation
  • ASPATH = Autonomous System Path
  • ASPATH manipulation is more difficult to carry out successfully
    • the attacker’s (AS 666) ASPATH is likely to be longer than the authentic (AS A) ASPATH, and therefore AS X would direct all data through the authentic ASPATH

Loose ROA problem

Impact of Partial ROV Adoption

  • collateral benefit - adopters of ROV protect autonomous systems (that do not adopt ROV) behind them by discarding invalid routes
  • collateral damage - autonomous systems not doing ROV might cause autonomous systems that do ROV to fall victim to attacks
    • disconnection - adopters of ROV might be offered only bad routes
    • control-plane-data-plane mismatch - data flows to the attacker, although AS 3 discarded the invalid route

[Figures: collateral benefit; collateral damage - disconnection; collateral damage - control-plane-data-plane mismatch]