Cloudflare wants to use a new technology to prevent internet routing problems from occurring. By installing a new feature, resource public key infrastructure (RPKI), it becomes more difficult to divert Internet traffic, reports TechCrunch.

Internet routing is a fundamental part of how the Internet works. It depends on the border gateway protocol (BGP), which determines how the traffic is routed on the internet, via which nodes. BGP in turn depends on the trust between network operators that they do not send incorrect or malicious data. However, sometimes mistakes occur, a human error is easily made. This type of erroneous data can form a “route leak”, which leads to confusion on the network through which route the traffic should go. As a result, major disruptions often occur. Cybercriminals can also take advantage of this via a route hijack. In addition, they divert unencrypted traffic, so that it can be read and adjusted.

RPKI

Cloudflare wants to make this something of the past, using RPKI. RPKI is now rolled out for free to all its customers. This should make it more difficult to divert traffic just like that, whether it is accidental or deliberate. RPKI ensures that the traffic goes to the right place, via a route that is verified by means of cryptographically signed certificates.

“When two networks connect – AT&T and Verizon, for example – they announce the set of IP addresses for which they need to send traffic,” said Nick Sullivan, head of cryptography at Cloudflare. “The RPKI is a security framework to ensure that a network only announces its legitimate IP addresses.”

Cloudflare says that RPKI is better at preventing network leakage than attacks by cybercriminals. However, it calls it the “first milestone” in the transition from trust-based routing to routing based on authentication. Networks are protected from sending traffic to the wrong place, which gives us ‘a safer and more stable Internet’.

Adoption

At the moment the adoption of RPKI is between 8 and 9 percent. But only 1 percent of the networks use strict RPKI validation. The system can only be effective if many network operators use it. That’s why the company wanted to encourage greater adoption by showing that it can be done easily and cost effectively.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.