ZDNS helps China Science and Technology Network launch RPKI route verification, and China enters the era of IP address routing security certification

On November 15th, at the 2nd China Internet Basic Resources Conference, the Computer Network Information Center of the Chinese Academy of Sciences announced that it was the first to successfully deploy and launch a routing information control authentication system based on RPKI (Resource Public Key Infrastructure for Internet number resources) on China Science and Technology Network. The National Engineering Research Center for Internet Domain Name System (ZDNS) helped China Science and Technology Network become the first backbone network operator in mainland China to support and deploy the RPKI routing authentication mechanism on its production network, which means that IP address routing security authentication work has officially started in China.

 

Because of flaws in the original design of the Internet standards, IP addresses lack identity verification, which has created a problem comparable to "pseudo base stations" on the Internet. Some criminals "hijack" Internet traffic to their own servers by announcing fake IP addresses on the Internet or impersonating others' IP addresses. To close the "security loopholes" caused by false addresses on the Internet, the IETF, the global Internet technical standards organization, has issued a series of RPKI technical standards since 2012 that address this security problem by verifying IP addresses.

 

RPKI is an authorization and authentication system for global Internet number resources (IP addresses, AS numbers), and it is becoming the trust anchor and management portal of the global Internet IP address allocation system and routing control system. The resulting "IP Root Server" has prompted countries to deploy autonomous and controllable routing control certification services, so that routing control certification converges to the national network management boundary, provides a globally recognized source of routing information, and avoids the threat of "route disconnection".

 

In October of this year, ZDNS deployed RPKI-X, an autonomous and controllable routing information control authentication service platform, at the Jinhua Network Foundation Research Center. RPKI-X stays synchronized with the global RPKI database and, after verifying and checking the data, distributes RPKI verification data over encrypted channels to the user's network control system for use in routing decisions. In accordance with the IETF RFC 8416 technical standard, the system also integrates an operator-oriented RPKI localization control and security assurance system to ensure independent control of RPKI operation and management.

 

Dr. Ma Di, chief researcher of ZDNS, guest researcher of the Computer Network Information Center of the Chinese Academy of Sciences, and co-founder of the Asia Pacific Network Information Centre (APNIC) Routing Security SIG, said that the Internet routing information control certification service platform RPKI-X can provide China's backbone network operators, Internet exchange centers and network cloud service providers with safe, intelligent and convenient localized RPKI data services. After the platform was launched, China Science and Technology Network deployed it and went live at the first opportunity, indicating that China has RPKI data verification service capabilities and has begun to build a routing security system for its Internet management to ensure independent control of its Internet routing information control certification. This is another important upgrade of the basic network security ecosystem.

Origin blog.csdn.net/weixin_38354951/article/details/109714911