

Matthias Wählisch, Fabian Holler, Thomas C. Schmidt, Jochen H. Schiller,
RTRlib: An Open-Source Library in C for RPKI-based Prefix Origin Validation,
In: Proc. of USENIX Security Workshop CSET'13, USENIX Assoc. : Berkeley, CA, USA, 2013.

Abstract: A major step towards secure Internet backbone routing started with the deployment of the Resource Public Key Infrastructure (RPKI). It allows for the cryptographic strong binding of an IP prefix and autonomous systems that are legitimate to originate this prefix. A fundamental design choice of RPKI-based prefix origin validation is the avoidance of cryptographic load at BGP routers. Cryptographic verifications will be performed only by cache servers, which deliver valid AS/prefix mappings to the RPKI-enabled BGP router using the RPKI/RTR protocol. In this paper, we give first insights into the additional system load introduced by RPKI at BGP routers. For this purpose, we design and implement a highly efficient C library of the RPKI/RTR router part and the prefix origin validation scheme. It fetches and stores validated prefix origin data from an RTR-cache and performs origin verification of prefixes as obtained from BGP updates. We measure a relatively small overhead of origin validation on commodity hardware (5% more RAM than required for full BGP table support, 0.41% load in case of ca. 92,000 prefix updates per minute), which meets real-world requirements of today.

Themes: Network Security


This page generated by bibTOhtml on Fri 23 Aug 00:05:06 CEST 2019
