Foundation Projects

RPKI Monitor and Visualizer for Detecting and Alerting for RPKI Errors

ZDNS Labs

This project implemented a Resource Public Key Infrastructure (RPKI) security mechanism that mitigates risks to global routing in the face of errors by, or attacks upon, RPKI authorities. The mechanism helped detect and counter adverse actions that result from a misconfigured or compromised RPKI Certificate Authority (CA), or from CAs that have been compelled to misbehave.

The mechanism also offered a distributed, stakeholder-based counter to the power imbalances that arise from the RPKI’s hierarchical system, which parallels the existing Internet Number Resource (INR) allocation hierarchy. The proposed mechanism detects adverse actions in the RPKI and alerts INR holders to actions that adversely affect their holdings, so that errors can be quickly fixed. It also enables each ISP to decide whether to accept or defer accepting RPKI database changes that appear to be adverse. This is a decentralized approach to mitigating the impact of such actions, and it is consistent with the decentralized operational model of the Internet.

ZDNS Labs aimed to improve the robustness of the RPKI system and to help Internet operators better understand, inspect and troubleshoot it. Finally, they expected this project to help promote more widespread adoption of the RPKI system (by reducing the potential impact of errors, attacks, etc.) and thus to enhance the security of the inter-domain routing architecture.