A High Performance Software Architecture for a Secure Internet Routing PKI

Author

Reynolds, Mark C. ; Kent, Stephen

Author_Institution

BBN Technol., Cambridge, MA

fYear

2009

fDate

3-4 March 2009

Firstpage

49

Lastpage

53

Abstract

A PKI in support of secure Internet routing was first proposed in [1] and refined in later papers, e.g., [2]. In this ldquoResourcerdquo PKI (RPKI) the resources managed are IP address allocations and Autonomous System number (AS #) assignments. The RPKI presents a very different implementation challenge from a typical PKI,in that in the RPKI every relying party needs to validate every certificate and CRL at fairly frequent intervals (e.g., daily). In a fully deployed RPKI there will be several hundred thousand digital objects that require validation, so performance is a critical issue for any software implementation. This paper describes the software developed by BBN for use by relying parties in the RPKI, with a special focus on the means and methods used to realize a high performance design. Theoretical discussions are augmented with actual performance data. Highly favorable performance statistics for the BBN approach are concretely demonstrated.

Keywords

Internet; public key cryptography; security of data; software architecture; telecommunication network routing; IP address allocations; Internet routing; PKI; autonomous system number assignments; performance statistics; software architecture; Application software; Certification; Computer security; Internet; Paper technology; Proposals; Resource management; Routing protocols; Software architecture; Software performance; Infrastructure Security; Routing Infrastructure; Secure Protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology

Conference_Location

Washington, DC

Print_ISBN

978-0-7695-3568-5

Type

conf

DOI

10.1109/CATCH.2009.17

Filename

4804426