2023/04/11 11:20:09

RPKI (Resource Public Key Infrastructure)

2023: Creating a Standard

On April 4, 2023, the Standardization Forum Netherlands announced the introduction of a new Internet routing mechanism that is almost impossible to hack. The technology in question is RPKI, or Resource Public Key Infrastructure (resource certification).

RPKI is reported to protect against erroneous redirection of Internet traffic, whether malicious or not, through cryptographic route verification. The standard uses digital certificates to protect the dynamic routing protocol BGP, which is designed to exchange information about the reachability of subnets between autonomous systems. Along with DNS, BGP is one of the main mechanisms that keep the Internet functioning.


The RPKI standard ensures that traffic passes through a legitimate network operator that controls the IP addresses on the path to the destination. RPKI certificates are stored centrally and are publicly available, so network providers anywhere in the world can check Internet traffic routes. In network infrastructures that implement RPKI, Internet traffic is guaranteed to be routed only over authorized paths, eliminating the risk of man-in-the-middle attacks and other interventions aimed at data leakage or interception.

Without RPKI, Internet routing depends on trusting the network operators that advertise the IP prefixes they manage. This model carries risks: if an operator falsely announces that it handles a certain set of IP addresses, it will receive traffic that would otherwise follow a different path. In addition to the negative impact on performance (for example, delayed request processing and failures), a trust-based approach opens up the possibility of intercepting data, which, in particular, allows falsifying IP addresses for sending spam.[1]
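The check an RPKI-enabled network applies to a false announcement like the one described above, as an added example that is not part of the original article: route origin validation in the style of RFC 6811. It goes beyond the text by naming the signed objects (ROAs) that RPKI certificates back. The prefixes and AS numbers are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

VALID, INVALID, NOT_FOUND = "valid", "invalid", "not-found"

# Constructed sample data: (prefix, maxLength, authorized origin AS) tuples as a
# validator would extract them from ROAs. Documentation prefixes and ASNs only.
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 25, 64497),
    ("2001:db8::/32", 48, 64498),
]

def load_vrps(rows):
    """Parse prefix strings once so lookups compare network objects."""
    return [(ipaddress.ip_network(p), max_len, asn) for p, max_len, asn in rows]

def validate_origin(prefix, origin_as, vrps):
    """Classify one BGP announcement against the validated ROA payloads.

    Only the origin AS and prefix length are checked; the rest of the
    AS path is not covered by origin validation.
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_net, max_len, vrp_as in vrps:
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True  # some ROA speaks for this address space
        if vrp_as != 0 and origin_as == vrp_as and route.prefixlen <= max_len:
            return VALID
    # Covered but never matched: wrong origin or too specific a prefix.
    return INVALID if covered else NOT_FOUND

def filter_announcements(announcements, vrps):
    """Return (accepted, rejected) lists; only INVALID routes are dropped."""
    accepted, rejected = [], []
    for prefix, origin_as in announcements:
        state = validate_origin(prefix, origin_as, vrps)
        (rejected if state == INVALID else accepted).append((prefix, origin_as, state))
    return accepted, rejected

if __name__ == "__main__":
    vrps = load_vrps(SAMPLE_VRPS)
    # Constructed announcements: legitimate, false origin, too specific, unknown.
    sample = [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
              ("192.0.2.0/25", 64496), ("203.0.113.0/24", 64499)]
    accepted, rejected = filter_announcements(sample, vrps)
    for row in accepted + rejected:
        print(row)
```

Routes classified as not-found are kept here because no ROA speaks for them; only announcements that contradict a ROA are dropped.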

Notes