RPKI Seminar

When: 16:00-17:30, Tuesday, 24 August 2010
Where: Hinterland Room 2
Moderator: George Michaelson, APNIC

This seminar looks at the importance of resource certification, which offers a means to make inter-domain routing more secure.

The Resource Public Key Infrastructure (RPKI) enables users of public networks, such as the Internet, to verify the authenticity of data that has been digitally signed by the originator of the data.

When a block of data is signed using a resource holder's private key, the data can be verified by the recipient using the signer's public key. This verification process can detect attempts to tamper with the data in any way.

The overall aim is a secure routing infrastructure where any party is able to validate routing advertisements such that they are confident in asserting that the information being passed through the Internet's routing system is correct and that it corresponds to the intentions of the address holder. This confidence is achieved with a combination of certification of resource holdings via Resource Certificates and a validation structure for such certification in the form of a Resource Public Key Infrastructure (RPKI).

All five Regional Internet Registries (RIRs) are committed to the adoption of common standards, based on the IETF process. The RPKI systems being put in place by other Internet registries were developed jointly and continue to be tested against each other so that Certificates issued by one Registry will remain valid in other regions.

16:00

BBN's RPKI Relying Party Software
Dr. Stephen T. Kent, BBN Technologies
Slides 1.6 MB

RPKI Tools from Soup to Nuts
Rob Austein, ISC
Slides 431.1 KB

RIPE NCC Certification Software
Tim Bruijnzeels, RIPE NCC
Slides 1.3 MB

Using RPKI tools in MyAPNIC
Robert Loomans, APNIC
Slides 2.2 MB
Slides (alt) 1.7 MB

Stephen Kent

Vice President & Chief Scientist - Information Security
BBN Technologies

In his role as Chief Scientist, Dr. Kent oversees information security activities within BBN Technologies, and works with government and commercial clients, consulting on system security architecture issues. In this capacity he has acted as system architect in the design and development of network security systems for the U.S. Department of Defense and served as principal investigator on a number of network security R&D projects for over 25 years.

Over the last two decades, Dr. Kent's R&D activities have included the design and development of user authentication and access control systems, network layer encryption and access control systems, secure transport layer protocols, secure e-mail technology, public-key certification authority systems, PKI models, and key recovery (key escrow) systems. His most recent work focuses on security for Internet routing, voice over IP, and high assurance cryptographic modules.

The author of two book chapters and numerous technical papers on network security, Dr. Kent has served as a referee, panelist, session chair and keynote speaker for security conferences around the world. Since 1977 he has lectured on the topic of network security on behalf of government agencies, universities, and private companies throughout the United States, Europe, Australia, Africa and the Far East. Dr. Kent received the B.S. degree in mathematics from Loyola University of New Orleans, and the S.M., E.E., and Ph.D. degrees in computer science from the Massachusetts Institute of Technology. He is a Fellow of the ACM and a member of the Internet Society and Sigma Xi.

Rob Austein

Software Engineering Manager
Internet Systems Consortium

Prior to his incarceration at ISC, he also served time at InterNetShare, Inc., Integrated Systems, Inc., Epilogue Technology Corporation, and MIT's Laboratory for Computer Science. After spending a number of years working on everything from mainframes to deeply embedded systems, Rob has at one time or another worked at almost every layer of the protocol stack, but feels most at home somewhere around layer 3. He is, however, probably best known for having wandered aimlessly into the early specification and deployment of the DNS, and, as a result, has spent entirely too much of the intervening time at layer 9.

At present, Rob spends 50 weeks out of every year trying to figure out how (and why) the Internet works; the other two weeks of each year are usually devoted to gravitational research in the Tetons.
