Resource Public Key Infrastructure (RPKI) is a public key infrastructure framework designed to secure the Internet's routing infrastructure, specifically the Border Gateway Protocol (BGP), by giving Internet number resource holders full cryptographic trust. In its basic form, BGP allows anyone to advertise a better route, whether maliciously or accidentally through human error. Malicious individuals or simple misconfigurations can cause havoc all over the Internet, from small networks being overloaded and sensitive traffic being routed to the wrong destination to major outages across the Internet. RPKI provides a way to connect Internet number resource information (such as IP addresses) to a trust anchor. Using RPKI, legitimate holders of number resources are able to control the operation of Internet routing protocols to prevent BGP or route hijacking.
What is a BGP Hijack?
There are two types of BGP hijack. The first occurs when an autonomous system (AS) announces a prefix of equal length to the legitimate one; the second occurs when a more specific prefix is hijacked.
With an equal prefix length hijack, the malicious person, who is not the owner of the autonomous system number, announces the same prefix as the legitimate owner. Since BGP must decide and select a route, it will route traffic to both the legitimate and illegitimate autonomous system owners. The origin autonomous system owners may notice a slight drop in traffic, but not enough to prompt an investigation into the matter.
A specific prefix hijack occurs when the malicious autonomous system owner announces a more specific segment of a larger IP block. Both the legitimate and illegitimate autonomous system owners’ prefixes are added to the router’s BGP table, but the more specific address is chosen as the best available path to the network.
How does RPKI work?
The cryptographic model of RPKI provides ownership authentication through a public key and certificate infrastructure, without the certificates containing identifying information. The certificates add a layer of network security to the IPv4 and IPv6 prefixes. The RPKI certificates are renewed every year.
RPKI verifies the identity of the origin and provides a way to confirm that they are who they say they are. With RPKI the origin of the incoming information and who owns which space is known and validated.
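The origin check described above, as an added example that is not part of the original page: a minimal route origin validation routine following the valid / invalid / not-found outcomes of RFC 6811, run against both hijack types from the earlier section. The ROA record (Route Origin Authorization, the RPKI signed object binding a prefix and maximum length to an origin AS, not named on this page), the documentation prefixes and the private-use AS numbers are constructed, and the ROA's signature is assumed to have been verified already.

```python
import ipaddress

# Constructed sample data: one validated ROA as (prefix, maxLength, origin AS).
# 198.51.100.0/24 is a documentation prefix; 64500 is a documentation ASN.
ROAS = [
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64500),
]


def validate_origin(prefix, origin_as, roas=ROAS):
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_net, max_len, roa_as in roas:
        # A ROA covers the route when the announced prefix is equal to,
        # or contained in, the ROA prefix (same address family only).
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Valid only if the origin AS matches AND the announcement is
        # not more specific than the ROA's maxLength allows.
        if origin_as == roa_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but matched by none: reject. No covering ROA at
    # all: RPKI has no statement about this prefix.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    announcements = [
        ("198.51.100.0/24", 64500, "legitimate holder"),
        ("198.51.100.0/24", 64511, "equal prefix length hijack"),
        ("198.51.100.128/25", 64511, "more specific prefix hijack"),
        ("198.51.100.128/25", 64500, "holder exceeds own maxLength"),
        ("192.0.2.0/24", 64511, "prefix with no ROA"),
    ]
    for prefix, asn, label in announcements:
        print(f"{prefix:<20} AS{asn:<6} {validate_origin(prefix, asn):<10} {label}")
```

The fourth case matters operationally: a holder who announces more specifics of their own space needs a ROA whose maximum length covers them, otherwise validating routers treat those routes as invalid too.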
Video: Resource Public Key Infrastructure - RPKI, added by user Technically U on 12 April 2021.