dRR: A Decentralized, Scalable, and Auditable Architecture for RPKI Repository
Yingying Su
Network and Distributed System Security (NDSS) Symposium 2024 · Day 1 · Resource PKI
The talk introduces **dRR**, a novel architecture designed to fortify the Resource Public Key Infrastructure (RPKI) Repository, a critical element for securing inter-domain routing and preventing IP prefix hijacking. RPKI has demonstrated its effectiveness over the past decade in establishing trustworthy mappings between Autonomous Systems (ASes) and IP prefixes, but its underlying repository infrastructure has remained significantly understudied and, as this research reveals, harbors several critical vulnerabilities. Yingying Su's presentation details a data-driven security analysis, encompassing a worldwide survey of AS administrators and a large-scale measurement of the existing RPKI Repository, that uncovers three fundamental problems: the unilateral power of RPKI authorities; the singleton nature of RPKI objects, which leads to single points of failure; and the escalating scalability challenges for Relying Parties (RPs).