Title :
A High Performance Software Architecture for a Secure Internet Routing PKI
Author :
Reynolds, Mark C. ; Kent, Stephen
Author_Institution :
BBN Technol., Cambridge, MA
Abstract :
A PKI in support of secure Internet routing was first proposed in [1] and refined in later papers, e.g., [2]. In this ldquoResourcerdquo PKI (RPKI) the resources managed are IP address allocations and Autonomous System number (AS #) assignments. The RPKI presents a very different implementation challenge from a typical PKI,in that in the RPKI every relying party needs to validate every certificate and CRL at fairly frequent intervals (e.g., daily). In a fully deployed RPKI there will be several hundred thousand digital objects that require validation, so performance is a critical issue for any software implementation. This paper describes the software developed by BBN for use by relying parties in the RPKI, with a special focus on the means and methods used to realize a high performance design. Theoretical discussions are augmented with actual performance data. Highly favorable performance statistics for the BBN approach are concretely demonstrated.
Keywords :
Internet; public key cryptography; security of data; software architecture; telecommunication network routing; IP address allocations; Internet routing; PKI; autonomous system number assignments; performance statistics; software architecture; Application software; Certification; Computer security; Internet; Paper technology; Proposals; Resource management; Routing protocols; Software architecture; Software performance; Infrastructure Security; Routing Infrastructure; Secure Protocols;
Conference_Titel :
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
Conference_Location :
Washington, DC
Print_ISBN :
978-0-7695-3568-5
DOI :
10.1109/CATCH.2009.17
