The Horizontal INR Conflict-Detection Algorithm: Revealing INR Reallocation and Reauthorization in RPKI*

摘要

Resource Public Key Infrastructure (RPKI) is a promising security enhancement to the Border Gateway Protocol, but it only requires the relying party (RP) to validate Internet Number Resource (INR) allocation or authorization relationships expressed in parent-child certificate pairs vertically. Therefore, conflicts in INR allocation and authorization may exist because of the limitations of the validation procedure of the RP software, in other words, certification authority malfunctions in issuing RPKI objects within a publication point cannot be detected by the RP. We develop a model of such conflicts and propose a horizontal INR conflict-detection algorithm with acceptable build time and query time. The proposed algorithm was tested on real-world RPKI data to identify actual and potential INR conflicts and its accurateness has been tried to be evaluated. This paper also discusses the deployment issues and the accuracy dependence about our algorithm design.