Impacting IP prefix reachability via RPKI manipulations
Date
2013-01-07
Authors
Brogle, Kyle
Cooper, Danny
Goldberg, Sharon
Reyzin, Leonid
Citation
Brogle, Kyle; Cooper, Danny; Goldberg, Sharon; Reyzin, Leonid. "Impacting IP Prefix Reachability via RPKI Manipulations", Technical Report BUCS-TR-2013-001, Computer Science Department, Boston University, January 7, 2013. [Available from: http://hdl.handle.net/2144/11410]
Abstract
The RPKI is an infrastructure that will provide digitally signed attestations for the hierarchical allocation and suballocation of IP addresses. Its goal is to improve security of interdomain routing by providing reliable data showing which autonomous system (AS) is authorized to originate which IP prefix. We discuss how the hierarchical nature of the RPKI makes it technically possible for any party above a target IP prefix in the RPKI hierarchy to revoke that target IP prefix. We show that such revocation can be "surgical" (i.e., impacting only the desired IP address or prefix) and difficult to detect. We also discuss the impact such revocation has on routing.
This note focuses only on the issues of technical feasibility (rather than legal or operational issues), and should not be taken as a recommendation for or against the use of the RPKI.