数据与计算发展前沿 (Frontiers of Data and Computing)

A Revocation Detection Mechanism in RPKI Based on Behavior Transparency

ZOU Hui (邹慧), LI Yanbiao (李彦彪), YU Chenhui (于晨晖), MA Di (马迪), MAO Wei (毛伟)

  1. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China
  2. University of Chinese Academy of Sciences, Beijing 100049, China
  3. ZDNS (Internet Domain Name System Beijing Engineering Research Center), Beijing 100190, China

  • Received: 2021-10-20

Abstract (Chinese version, translated):

[Objective] To address the problem of resource invalidation caused by unilateral revocation under the hierarchical certification mechanism of the current Resource Public Key Infrastructure (RPKI), this paper proposes a unilateral revocation detection mechanism based on Behavior Transparency (BT) and verifies its effect and performance experimentally. [Methods] This paper analyzes in detail the unilateral revocation problem under the current RPKI architecture and the resulting risk of resource invalidation for subordinate Certificate Authorities (CAs). It improves the transparency of CA issuance behavior by deploying a log server that records that behavior, and on this basis designs an efficient mechanism for real-time monitoring of unilateral revocation and for emergency response. [Results] Experimental results show that, provided a log server is deployed and is sufficiently secure and controllable, the detection efficiency of the mechanism meets the performance requirements of the current architecture, its accuracy reaches 100%, and its transmission overhead is negligible. [Limitations] The efficiency, accuracy, and scalability of the mechanism in a future large-scale RPKI deployment remain to be verified. [Conclusions] The behavior-transparency-based RPKI revocation detection proposed in this paper introduces little additional overhead in the current RPKI deployment environment, effectively achieves its detection goal, and allows a CA to monitor in real time both the validity of the resources it holds and any unilateral revocation targeting them.

Keywords:

Abstract (English version):

[Objective] In response to the issue of resource failure caused by unilateral revocation in the current Resource Public Key Infrastructure (RPKI), this paper proposes a novel scheme based on Behavior Transparency (BT) to detect unilateral revocations, and demonstrates its effect and performance via extensive experiments. [Methods] This paper first analyzes in detail the issue of unilateral revocation, as well as the risk of resource failures resulting from it, and then proposes to monitor and handle unilateral revocations with the help of a log server that records the issuance behaviors of CAs. [Results] According to the experimental results, the efficiency of the proposed scheme satisfies the performance demand posed by the current RPKI system, and its accuracy in detecting unilateral revocations can reach 100% as long as a credible and fully controllable log server is deployed. Moreover, the additional transmission overhead resulting from communicating with the log server is negligible. [Limitations] The accuracy, performance, and scalability of the proposed scheme need to be further evaluated in large-scale RPKI systems to verify its value in case RPKI is fully or near-fully deployed in the future. [Conclusions] In current RPKI systems, the proposed scheme can effectively detect unilateral revocations with negligible overhead, enabling CAs to monitor the validity of their resources and whether their parent CAs have revoked their certificates.
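As an added illustration of the detection idea (example code written for this page, not the paper's implementation or data), the toy model below appends a parent CA's issuance and revocation behaviour to a log server and lets the child CA poll that log to tell an agreed re-issuance apart from a unilateral shrink or revocation of its resources. The CA names, serials, prefixes and log layout are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network

@dataclass(frozen=True)
class ResourceCert:
    """Toy RPKI resource certificate: the prefixes the issuer delegates to the subject."""
    issuer: str
    subject: str
    serial: int
    prefixes: frozenset  # of IPv4Network

class LogServer:
    """Append-only record of CA signing behaviour; entries are (index, action, cert)."""
    def __init__(self):
        self.entries = []
    def record(self, action, cert):  # action is "issue" or "revoke"
        self.entries.append((len(self.entries), action, cert))

def check_child_resources(log, child, current, requested, cursor):
    """Child-side monitor. current: the child's last accepted cert (or None); requested: serials
    the child itself asked to be issued or retired; cursor: first unexamined log index."""
    alerts = []
    for idx, action, cert in log.entries[cursor:]:
        cursor = idx + 1
        if cert.subject != child:
            continue
        if action == "issue":
            lost = (current.prefixes if current else frozenset()) - cert.prefixes
            if lost and cert.serial not in requested:  # shrink the child never asked for
                alerts.append(f"entry {idx}: unilateral shrink by {cert.issuer}, lost {sorted(map(str, lost))}")
            current = cert
        elif action == "revoke" and current and cert.serial == current.serial:
            if cert.serial not in requested:  # current cert pulled without the child's request
                alerts.append(f"entry {idx}: unilateral revocation of serial {cert.serial} by {cert.issuer}")
            current = None
    return alerts, cursor, current

def demo():
    """Constructed scenario: one agreed renewal, then a silent shrink and a revocation."""
    log, net = LogServer(), IPv4Network
    c1 = ResourceCert("RIR-A", "ISP-B", 1, frozenset({net("192.0.2.0/24"), net("198.51.100.0/24"), net("203.0.113.0/24")}))
    log.record("issue", c1)
    a1, cur, cert = check_child_resources(log, "ISP-B", None, set(), 0)
    c2 = ResourceCert("RIR-A", "ISP-B", 2, frozenset({net("192.0.2.0/24"), net("198.51.100.0/24")}))
    log.record("issue", c2); log.record("revoke", c1)   # child asked for serial 2 (returns 203.0.113.0/24)
    a2, cur, cert = check_child_resources(log, "ISP-B", cert, {2}, cur)
    c3 = ResourceCert("RIR-A", "ISP-B", 3, frozenset({net("192.0.2.0/24")}))
    log.record("issue", c3); log.record("revoke", c3)   # parent acts alone: shrink, then revoke
    a3, cur, cert = check_child_resources(log, "ISP-B", cert, {2}, cur)
    return a1, a2, a3
```

Running `demo()` yields no alerts for the initial issuance or the agreed renewal, and two alerts for the parent's unrequested shrink and revocation.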

Key words: