Australian Geoff Huston is one of the foremost authorities on Internet routing and scaling issues. We sent Huston, a former Chief Scientist at Telstra Internet, a few questions about the U.S. government's plan to bolster R&D to secure the Internet's core routing protocol, the Border Gateway Protocol (BGP). Here are excerpts of from what Huston had to say:
What's your role in the U.S. Department of Homeland Security's Resource Public Key Infrastructure Initiative (RPKI) [one of two key router security initiatives funded by DHS, the other being BGPSSEC] and your involvement with the DHS on this?
I am the chief scientist at APNIC, the Regional Internet Registry (RIR) for the Asia Pacific Region, and in this role I have been leading the APNIC effort to introduce digital certification of number resources. I am also a co-chair of the Internet Engineering Task Force (IETF) Secure Inter-Domain Routing Working Group (SIDR WG), a group chartered to develop standard technologies intended to produce security mechanisms for inter-domain routing. I am not funded by the U.S. DHS, but I share their concern in this area. I collaborate with a number of researchers who are supported by U.S. research grants.
Can you explain in plain English what RPKI is trying to do and how it relates to improving the security of the Internet's routing system?
Attacks on the routing system can result in outcomes that pervert many conventional forms of security defence and happen in ways that are extremely difficult to detect. Routing attacks can "hijack" addresses, redirecting users' traffic to other than the intended destination, allowing an attacker to "spoof" the identity of the intended victim. Routing attacks also can redirect traffic flows, allowing an attacker to inspect transit traffic without the knowledge of either end party. And routing attacks can disrupt the network, causing chaos and disruption, either directed at a single victim, or more generally at a collection of addresses or at infrastructure elements such as DNS servers.
All these attacks rely on one feature of BGP: the ability for a party to "lie" in routing and for the lie to propagate across the entire network and not be readily and automatically detected as a lie. The RPKI is an essential component of a mechanism that allows such routing lies to be readily identifiable by everyone else using automated processes. In other words, the RPKI does not alter the basic mechanisms of inter-domain routing and does not stop malicious folk from attempting to generate lies in the inter-domain routing environment. But as the routing information is passed through the routing fabric, other parties can use tools and the information loaded into the RPKI to verify the accuracy and authenticity of routing information and correctly identify instances of invalid routing information or lies.
What is the status of the RPKI effort?
In software, a number of efforts are underway to provide tools that implement RPKI services. These include an RPKI software suite authored by APNIC, a set of tools produced by the Internet Software Consortium (ISC) supported by the American Registry for Internet Numbers, and tools developed by BBN.
In standards activity, we have submitted a number of documents to the SIDR WG for standardization that build upon earlier work of adding IP address attributes to digital certificates.
In late 2008, APNIC was the first RIR to include the publication of RPKI certificates as part of its set of services to APNIC resource holders. Holders of IP address resources that are administered by APNIC can now use the APNIC service system to generate digital certificates that can be used to verify digitally signed assertions about IP addresses and their use.
The next steps are to use this framework for the generation of tools that allow ISPs and enterprises to digitally sign "authorities" that relate to routing assertions and to provide tools that allow ISPs and others to validate routing information by matching these signed authorities to the routing information being passed through the inter-domain routing system. The specification of these tools is a task currently underway in the SIDR WG.