New Protection From Internet Routing Hijacking and Incorrect Addressing

Posted: January 12, 2011 in Uncategorized

The beginning of January saw the start of a new era for Internet routing. Well, it almost did. Four of the five Regional Internet Registries (RIRs) have deployed the Resource Public Key Infrastructure (RPKI), a robust security framework for verifying the association between resource holders and their Internet resources.

The RIRs, like the RIPE Network Coordination Centre (which is responsible for the European part of the Internet), provide Internet resource allocations, registration services and co-ordination activities. RPKI allows ISPs and network operators to verify the accuracy of routes on the Internet and to prevent fraudulent or erroneous misdirection of Internet traffic. A famous example of erroneous routing happened in 2008 when the YouTube web site was unavailable in several different parts of the world because Pakistan Telecom incorrectly co-opted YouTube’s IP address range as its own.

The only RIR not to implement RPKI yet is the American Registry for Internet Numbers (ARIN). According to their website, their deployment has been delayed until “very early in the second quarter of 2011”.

Once ARIN is up and running, the use of Resource Certificates will mean that, worldwide, each resource holder will own a certificate which lists the Internet resources (IPv4 addresses, IPv6 addresses, and Autonomous System Numbers) that are owned by the certificate holder (e.g. an ISP). The certificates are of course encrypted, and by using the public keys associated with the certificate owner, the list of Internet resources can be easily verified.
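As an added illustration (not code from the original post or from any RIR), the sketch below models the resource lists described above and checks a route announcement against them. The holder names, prefixes (documentation ranges) and AS numbers are constructed, tying a prefix to an origin AS through a single certificate is a simplifying assumption, and the cryptographic verification of each certificate is assumed to have already succeeded.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ResourceCert:
    """Simplified stand-in for a resource certificate's resource list."""
    holder: str
    prefixes: tuple   # certified IPv4/IPv6 blocks as ip_network objects
    asns: frozenset   # certified Autonomous System Numbers


def make_cert(holder, prefixes, asns):
    nets = tuple(ipaddress.ip_network(p) for p in prefixes)
    return ResourceCert(holder, nets, frozenset(asns))


def covers(cert, net):
    """True if net lies inside one of the certificate's address blocks."""
    return any(net.version == p.version and net.subnet_of(p)
               for p in cert.prefixes)


def check_announcement(certs, prefix, origin_asn):
    """Classify a route announcement against the certified resources.

    'consistent' - a certificate covering the prefix also lists the origin AS
    'mismatch'   - the prefix is certified, but not to the holder of that AS
    'unknown'    - no certificate covers the prefix
    """
    net = ipaddress.ip_network(prefix)
    covering = [c for c in certs if covers(c, net)]
    if not covering:
        return "unknown"
    if any(origin_asn in c.asns for c in covering):
        return "consistent"
    return "mismatch"


# Constructed sample data: documentation prefixes and reserved AS numbers.
CERTS = [
    make_cert("ISP-A", ["192.0.2.0/24", "2001:db8::/32"], [64496]),
    make_cert("ISP-B", ["198.51.100.0/24"], [64511]),
]

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.128/25", 64511),
                        ("2001:db8:1::/48", 64496), ("203.0.113.0/24", 64496)]:
        print(prefix, f"AS{asn}", check_announcement(CERTS, prefix, asn))
```

The second sample announcement, a more specific block originated by an AS that does not hold it, is the kind of erroneous route the 2008 incident involved, and it is classified as a mismatch.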
