To protect against prefix hijacks, Resource Public Key Infrastructure (RPKI) has been standardized. To enjoy the security guarantees of RPKI validation, networks need to install a new component, the relying party validator, which fetches and validates RPKI objects and provides them to border routers. However, recent work shows that relying parties experience failures when retrieving RPKI objects and are vulnerable to attacks, all of which can disable RPKI validation. Therefore, even the few adopters are not necessarily secure. We make the first proposal that significantly improves the resilience and security of RPKI. We develop BRP, a Byzantine-secure relying party implementation. In BRP the relying party nodes redundantly validate RPKI objects and reach a global consensus through voting. BRP provides an RPKI equivalent of public DNS, removing the need for networks to install, operate, and upgrade their own relying party instances while avoiding the need to trust operators of BRP nodes. We show through simulations and experiments that BRP, as an intermediate RPKI service, results in less load on RPKI publication points and a robust output despite RPKI repository failures, jitter, and attacks. We engineer BRP to be fully backward compatible and readily deployable: it does not require any changes to the border routers or the RPKI repositories. We demonstrate that BRP can protect many networks transparently, with either a decentralized or centralized deployment. BRP can be set up as a network of decentralized volunteer deployments, similarly to NTP and Tor, where different operators participate in the peering process with their node and provide resilient and secure relying party validation to the Internet. BRP can also be hosted by a single operator as a centralized service, e.g., on one cloud or CDN, and provides RPKI validation benefits even when hosted on a single network.
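The redundant-validation-plus-voting idea above can be illustrated with a small quorum rule over per-node validation results. This is an added example, not BRP's own code or its exact protocol: it assumes each node emits a set of Validated ROA Payloads (VRPs), that at most `f` of the nodes are faulty or malicious, and that a VRP is accepted only when at least `f+1` responding nodes report it (so at least one honest node validated it). The node names, prefixes and AS numbers are constructed sample data.

```python
"""Quorum voting over relying-party outputs (constructed example, assumed rule)."""
from collections import Counter
from typing import Dict, FrozenSet, NamedTuple, Optional


class VRP(NamedTuple):
    """Validated ROA payload: the (prefix, max length, origin AS) a router installs."""
    prefix: str
    max_length: int
    asn: int


def vote_vrps(outputs: Dict[str, Optional[FrozenSet[VRP]]], f: int) -> FrozenSet[VRP]:
    """Combine per-node VRP sets while tolerating up to f faulty or malicious nodes.

    Assumed rule (an illustration, not necessarily the paper's protocol):
    - at least 2f+1 nodes must have answered (None = unreachable), otherwise
      refuse to emit a result rather than serve a degraded one;
    - a VRP is accepted if at least f+1 answering nodes report it, so f colluding
      nodes cannot inject a forged VRP, and a VRP seen by all honest nodes is
      never suppressed (honest nodes alone supply >= f+1 votes).
    """
    answered = {name: vrps for name, vrps in outputs.items() if vrps is not None}
    if len(answered) < 2 * f + 1:
        raise RuntimeError(
            f"only {len(answered)} of {len(outputs)} nodes answered; quorum needs {2 * f + 1}"
        )
    votes = Counter(vrp for vrps in answered.values() for vrp in vrps)
    return frozenset(vrp for vrp, count in votes.items() if count >= f + 1)


# Constructed sample: four BRP-style nodes, f = 1.
V1 = VRP("203.0.113.0/24", 24, 64496)
V2 = VRP("198.51.100.0/24", 24, 64497)
V3 = VRP("2001:db8::/32", 48, 64498)
BOGUS = VRP("203.0.113.0/24", 24, 64666)  # forged by a Byzantine node

SAMPLE_OUTPUTS: Dict[str, Optional[FrozenSet[VRP]]] = {
    "node-a": frozenset({V1, V2, V3}),
    "node-b": frozenset({V1, V2, V3}),
    "node-c": frozenset({V1, V2}),         # honest, but one publication point timed out
    "node-d": frozenset({V1, V2, BOGUS}),  # Byzantine: injects a VRP nobody else validated
}

if __name__ == "__main__":
    for vrp in sorted(vote_vrps(SAMPLE_OUTPUTS, f=1)):
        print(vrp)
```

With the sample above, V3 survives node-c's partial fetch (two honest votes), while BOGUS is rejected because only one node reports it.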