| Abstract | BGP is a gaping hole in Internet security, as evidenced by numerous hijacks and outages. The significance of BGP for stability and security of the Internet has made it a top priority on the cyber security agenda of the US government, with CISA, FCC, and other federal agencies leading the efforts.To protect against prefix hijacks, Resource Public Key Infrastructure (RPKI) has been standardized. Yet, RPKI validation is still not widely supported. To enjoy the security guarantees of RPKI, networks need to install a new component, the Relying Party validator, which fetches and validates RPKI objects and provides them to border routers. However, research showed that Relying Parties experience failures when retrieving RPKI objects and are vulnerable to a range of attacks, all of which can disable RPKI validation. Therefore, even the few adopters are not necessarily secure.We propose a Byzantine-secure Relying Party functionality, we call ByzRP, and show that it significantly improves the resilience and security of RPKI validation. With ByzRP, Relying Party nodes redundantly validate RPKI objects and reach a global consensus through a voting process. ByzRP removes the need for networks to install, operate, and upgrade their own Relying Party instances on the one hand, and does not require to trust the individual operators of ByzRP nodes on the other hand.We show through simulations and experimental evaluations that ByzRP, as an intermediate RPKI service, reduces the load on RPKI publication points and produces a robust output, despite RPKI repository failures, jitters, and attacks. We engineer ByzRP to be fully backward compatible and readily deployable - it does not require any changes to border routers and RPKI repositories. We demonstrate that ByzRP can protect networks transparently, either with a decentralized or a centralized deployment and it enables users to independently verify the correctness of its operation. |
|---|
