Abstract
Most secure routing proposals require the existence of a global public-key infrastructure (PKI) to bind a public/private key-pair to a prefix, in order to authenticate route originations of that prefix. A major difficulty in secure routing deployment is the mutual dependency between the routing protocol and the establishment of a globally trusted PKI for prefixes and ASes: cryptographic mechanisms used to authenticate BGP Update messages require a PKI, but without a secure routing infrastructure in place, Internet registries and ISPs have little motivation to invest in the development and deployment of this PKI. This paper proposes a radically different mechanism to resolve this dilemma: an evolutionary Grassroots-PKI that bootstraps by letting any routing entity announce self-signed certificates to claim their address space. Despite the simple optimistic security of this initial stage, we demonstrate how a Grassroots-PKI provides ASes with strong incentives to evolve the infrastructure into a full top-down hierarchical PKI, as proposed in secure routing protocols like S-BGP. Central to the Grassroots-PKI concept is an attack recovery mechanism that by its very nature moves the system closer to a global PKI. This admittedly controversial proposal offers a rapid and incentive-compatible approach to achieving a global routing PKI.
Original language | English (US) |
---|---|
Pages | 1-6 |
Number of pages | 6 |
State | Published - 2006 |
Externally published | Yes |
Event | 5th ACM Workshop on Hot Topics in Networks, HotNets 2006 - Irvine, United States; Duration: Nov 29 2006 → Nov 30 2006 |
Conference
Conference | 5th ACM Workshop on Hot Topics in Networks, HotNets 2006 |
---|---|
Country/Territory | United States |
City | Irvine |
Period | 11/29/06 → 11/30/06 |
ASJC Scopus subject areas
- Computer Networks and Communications