RPKI Monitor and Visualizer for Detecting and Alerting for RPKI Errors

ZDNS Labs

This project implemented an RPKI security mechanism that mitigates risks to global routing in the face of errors by, or attacks upon, RPKI authorities. The mechanism helped detect and counter adverse actions that result from misconfigured or compromised RPKI CAs, or from CAs that have been compelled to misbehave. It also offered a distributed, stakeholder-based counter to the power imbalances that arise from the RPKI's hierarchical system (which parallels the existing INR allocation hierarchy). The proposed mechanism detects adverse actions in the RPKI and alerts INR holders to those that affect their holdings, so that errors can be fixed quickly. It also enables each ISP to decide whether to accept, or defer accepting, RPKI database changes that appear to be adverse. This is a decentralized approach to mitigating the impact of such actions, consistent with the decentralized operational model of the Internet.
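The detect, alert and defer idea described above can be illustrated with an added example; it is not the project's own code. It compares two snapshots of validated ROA payloads (VRPs) and flags monitored routes whose origin-validation state gets worse. The tuple format, the ranking of states, the function names and all sample prefixes and AS numbers are assumptions constructed for the illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes and AS numbers).
# Each VRP is (prefix, max_length, origin_asn); this tuple format is an assumption.
OLD_VRPS = [("192.0.2.0/24", 24, 64496),
            ("198.51.100.0/24", 24, 64497),
            ("2001:db8::/32", 48, 64496)]
NEW_VRPS = [("192.0.2.0/24", 24, 64511),      # origin AS changed
            ("2001:db8::/32", 48, 64496)]     # 198.51.100.0/24 ROA removed
MY_ROUTES = [("192.0.2.0/24", 64496),
             ("198.51.100.0/24", 64497),
             ("2001:db8:1::/48", 64496)]

# Assumed ordering: a drop in rank is treated as an adverse change.
RANK = {"invalid": 0, "not-found": 1, "valid": 2}

def validate(route, vrps):
    """Route origin validation (RFC 6811) of one (prefix, origin_asn) route."""
    prefix, origin = ipaddress.ip_network(route[0]), route[1]
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        net = ipaddress.ip_network(vrp_prefix)
        if net.version != prefix.version or not prefix.subnet_of(net):
            continue
        covered = True
        # AS0 never matches any route, per RFC 6811.
        if asn != 0 and asn == origin and prefix.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def adverse_changes(routes, old_vrps, new_vrps):
    """Return (route, before, after) for every route whose state got worse."""
    alerts = []
    for route in routes:
        before, after = validate(route, old_vrps), validate(route, new_vrps)
        if RANK[after] < RANK[before]:
            alerts.append((route, before, after))
    return alerts

def choose_snapshot(routes, old_vrps, new_vrps):
    """Accept the new data only if it harms no monitored route; else defer."""
    alerts = adverse_changes(routes, old_vrps, new_vrps)
    return ("defer", old_vrps, alerts) if alerts else ("accept", new_vrps, alerts)

if __name__ == "__main__":
    decision, _, alerts = choose_snapshot(MY_ROUTES, OLD_VRPS, NEW_VRPS)
    print(decision)
    for route, before, after in alerts:
        print(f"ALERT {route[0]} AS{route[1]}: {before} -> {after}")
```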

ZDNS Labs aimed to improve the robustness of the RPKI system and to help Internet operators better understand, inspect and troubleshoot it. Finally, they expected this project to help promote more widespread adoption of the RPKI system (by reducing the potential impact of errors, attacks, etc.) and thus enhance the security of the inter-domain routing architecture.
