NIST Develops Test and Measurement Tools for Internet Routing Security
May 14, 2014
The NIST-developed RPKI-Monitor (http://rpki-monitor.antd.nist.gov/) provides continuous test and measurement of the emerging Resource Public Key Infrastructure (RPKI) and its relationship to global Border Gateway Protocol (BGP) routing data.
The RPKI is a distributed, special-purpose public key infrastructure standardized in the Internet Engineering Task Force (IETF) and deployed by Regional Internet Registries (RIRs) around the world. The RPKI enables cryptographically verifiable assertions about the ownership and use of Internet addresses and Autonomous System Numbers throughout the Internet. New standards emerging from the IETF propose modifications to BGP that leverage the RPKI to prevent malicious route hijacks and damaging misconfigurations.
Fostering adoption of new technologies that impact global infrastructure is difficult. It relies on the Internet industry as a whole having confidence in the correctness and completeness of the new technology, and a detailed understanding of its potential operational impact.
The NIST RPKI-Monitor continuously gathers data from RPKI repositories around the world, collects global views of the RPKI, and compares that data to traces taken from the Internet’s global routing infrastructure. The NIST tool characterizes the extent of adoption of RPKI technologies, their correctness and completeness as compared to global routing data, and the statistical properties of RPKI deployment around the world.
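The comparison of RPKI data against routing data described above can be illustrated with the route origin validation procedure of RFC 6811, which this announcement does not name. This is an added example, not NIST's code or the RPKI-Monitor's implementation; the Route Origin Authorizations (ROAs), announcements, function names and the "coverage" metric are constructed for illustration using documentation prefixes and AS numbers.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation address space and ASNs, not measurements).
# Each ROA: (prefix, maximum prefix length, authorized origin AS).
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 25, 64497),
    ("2001:db8::/32", 48, 64498),
]
# Each BGP announcement as it might appear in a routing trace: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),       # exact match with a ROA
    ("192.0.2.0/25", 64496),       # right origin, but longer than max length
    ("198.51.100.128/25", 64497),  # more specific, still within max length
    ("198.51.100.0/24", 64511),    # covered prefix, unauthorized origin
    ("203.0.113.0/24", 64499),     # no ROA covers this prefix
    ("2001:db8:1::/48", 64498),    # IPv6, within max length
]

def validate(prefix, origin, roas):
    """Return the RFC 6811 state: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route's prefix lies inside the ROA prefix.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # It matches if the length is permitted and the origin AS is authorized.
        if net.prefixlen <= max_len and origin == roa_as:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"

def summarize(announcements, roas):
    """Count validation states and the share of routes covered by any ROA."""
    counts = Counter(validate(p, a, roas) for p, a in announcements)
    covered = counts["valid"] + counts["invalid"]
    return {"counts": dict(counts), "coverage": covered / len(announcements)}

if __name__ == "__main__":
    for p, a in ANNOUNCEMENTS:
        print(f"{p:20} AS{a}: {validate(p, a, ROAS)}")
    print(summarize(ANNOUNCEMENTS, ROAS))
```

An "invalid" result does not by itself distinguish a hijack from a ROA that was registered with the wrong origin or maximum length, which is why measuring the correctness of RPKI data against observed routing matters before networks act on it.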