RTRlib: An Open-Source Library in C for RPKI-based Prefix Origin Validation

Authors: 

Matthias Wählisch, Freie Universität Berlin; Fabian Holler and Thomas C. Schmidt, Hamburg University of Applied Sciences; Jochen H. Schiller, Freie Universität Berlin

Abstract: 

A major step towards secure Internet backbone routing started with the deployment of the Resource Public Key Infrastructure (RPKI). It allows for a cryptographically strong binding between an IP prefix and the autonomous systems that are legitimate to originate this prefix. A fundamental design choice of RPKI-based prefix origin validation is the avoidance of cryptographic load at BGP routers. Cryptographic verifications will be performed only by cache servers, which deliver valid AS/prefix mappings to the RPKI-enabled BGP router using the RPKI/RTR protocol.

In this paper, we give first insights into the additional system load introduced by RPKI at BGP routers. For this purpose, we design and implement a highly efficient C library of the RPKI/RTR router part and the prefix origin validation scheme. It fetches and stores validated prefix origin data from an RTR-cache and performs origin verification of prefixes as obtained from BGP updates. We measure a relatively small overhead of origin validation on commodity hardware (5% more RAM than required for full BGP table support, 0.41% load in case of ≈ 92,000 prefix updates per minute), which meets real-world requirements of today.
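
The origin verification step the abstract describes, as an added example that is not taken from the paper or from RTRlib: it applies the RFC 6811 valid / not found / invalid decision to one announced route. The names `struct vrp`, `validate_origin` and `sample_tbl` are hypothetical, the table is constructed from documentation prefixes and AS numbers, and the code assumes IPv4 and a linear scan rather than the library's own data structures.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One validated AS/prefix mapping as a cache server would deliver it. */
struct vrp {
    uint32_t prefix;  /* IPv4 network address, host byte order */
    uint8_t min_len;  /* prefix length of the mapping */
    uint8_t max_len;  /* longest announcement the mapping authorises */
    uint32_t asn;     /* AS allowed to originate the prefix */
};

enum pfx_state { PFX_VALID, PFX_NOT_FOUND, PFX_INVALID };

/* Netmask for a length; 0 is special-cased (a 32-bit shift by 32 is UB). */
static uint32_t mask_of(uint8_t len)
{
    return len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
}

/* RFC 6811 decision for one announced route, by linear scan of the table. */
enum pfx_state validate_origin(const struct vrp *tbl, size_t n,
                               uint32_t prefix, uint8_t len, uint32_t origin)
{
    int covered = 0;
    if (len > 32) return PFX_INVALID; /* malformed length: example's choice */
    for (size_t i = 0; i < n; i++) {
        if (tbl[i].min_len > len)
            continue; /* mapping is more specific than the route */
        uint32_t m = mask_of(tbl[i].min_len);
        if ((prefix & m) != (tbl[i].prefix & m))
            continue; /* different address block */
        covered = 1;
        /* Origin AS 0 never matches; length must not exceed max_len. */
        if (len <= tbl[i].max_len && origin == tbl[i].asn && origin != 0)
            return PFX_VALID;
    }
    return covered ? PFX_INVALID : PFX_NOT_FOUND;
}

/* Constructed sample table: documentation prefixes and ASNs. */
static const struct vrp sample_tbl[] = {
    { 0xC6336400u, 24, 25, 64496 }, /* 198.51.100.0/24-25, AS64496 */
    { 0xC0000200u, 24, 24, 64497 }, /* 192.0.2.0/24, AS64497 */
};

int main(void)
{
    printf("%d\n", validate_origin(sample_tbl, 2, 0xC6336480u, 26, 64496));
    return 0;
}
```

A route that some mapping covers but none matches is invalid, while a route with no covering mapping at all is only not found; keeping those two outcomes apart is what lets a router treat unregistered prefixes differently from conflicting announcements.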


BibTeX
@inproceedings {179214,
author = {Matthias W{\"a}hlisch and Fabian Holler and Thomas C. Schmidt and Jochen H. Schiller},
title = {RTRlib: An Open-Source Library in C for RPKI-based Prefix Origin Validation},
booktitle = {6th Workshop on Cyber Security Experimentation and Test ({CSET} 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/cset13/workshop-program/presentation/w{\"a}hlisch},
publisher = {{USENIX} Association},
month = aug,
}