Introduction to RPKI

Problem Statement

Routing, having been conceived near the inception of networking, was hardly designed with security as a primary concern. As a result, routing protocols (in their vanilla forms) are vulnerable to several attacks.

Solution

The RPKI (Resource Public Key Infrastructure) is a PKI (Public Key Infrastructure) that deals with Internet Resources. (In this context, “resource” refers to IP Addresses and AS numbers.)

The idea is that anyone should be able to verify the origin of a route by following a chain of cryptographically signed certificates rooted at one of the Regional Internet Registries (RIRs):

[Figure: img/chain.svg]

The end result is a Route Origin Attestation (ROA), a digitally signed object that serves as a trustworthy attestation that an IP address block holder has authorized an Autonomous System (AS) to originate routes to its address block (or some of its children).

So we end up with a tree-shaped trust network (one for each RIR) in which many Certificate Authorities (CAs) attest to their resource suballocations:

[Figure: img/tree.svg]

In the RPKI, all of these files are required to be publicly available, so anyone can verify them.

This is, however, too much work for a router, so the validation work is delegated to a trusted Relying Party (RP). That’s where Fort comes in.
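To show what a router does with the ROA data a Relying Party has already validated, here is an added example (not code from Fort or from the original page) that classifies route announcements against a list of validated ROA payloads. It assumes the ROA maximum-length field and the valid / invalid / not-found states of RFC 6811, neither of which is described above; all prefixes and AS numbers are constructed from documentation ranges.

```python
import ipaddress
from typing import List, NamedTuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

class VRP(NamedTuple):
    """One validated ROA payload: prefix, max length, authorized origin AS."""
    prefix: Network
    max_length: int
    asn: int

def vrp(prefix: str, max_length: int, asn: int) -> VRP:
    """Build a VRP, rejecting a max length outside [prefix length, address bits]."""
    net = ipaddress.ip_network(prefix)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"bad max length {max_length} for {prefix}")
    return VRP(net, max_length, asn)

def validate_origin(vrps: List[VRP], route_prefix: str, origin_asn: int) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        # A VRP covers the route when the route is the same block or a child of it.
        if v.prefix.version != route.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        # Valid needs the authorized AS and a prefix no longer than max length.
        if v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    # Covered by some ROA but matched by none: the holder did not authorize this.
    return "invalid" if covered else "not-found"

# Constructed sample data (documentation prefixes and AS numbers).
VRPS = [
    vrp("198.51.100.0/24", 24, 64496),   # exact block only
    vrp("2001:db8::/32", 48, 64498),     # block and children down to /48
]

if __name__ == "__main__":
    for prefix, asn in [
        ("198.51.100.0/24", 64496),      # authorized origin
        ("198.51.100.0/24", 64511),      # wrong origin AS
        ("198.51.100.128/25", 64496),    # child longer than max length
        ("2001:db8:1::/48", 64498),      # child within max length
        ("192.0.2.0/24", 64496),         # no ROA covers this block
    ]:
        print(f"{prefix:20} AS{asn}: {validate_origin(VRPS, prefix, asn)}")
```

A route that no ROA covers comes back as not-found rather than invalid, which is why partial RPKI deployment does not by itself cause unsigned address space to be rejected.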