9 June 2014

Video: CrypTech and RPKI (Randy Bush at RIPE 68)

Andrew Mcconachie
By Andrew McconachieFormer Intern

How do we build an open hardware security module that’s verifiably secure? Can we use Openflow and BGP RPKI to enforce route validation in the data plane? In this two part lightning talk Randy Bush introduces two projects he and others have started. The first project is cryptech.is, an open reference design for hardware security modules that aims to be secure from government and private party intrusion. Randy lays out the goals of the project and solicits help from the community. The second project is a BGPSEC experiment being carried out in a New Zealand IXP. In the experiment an Openflow switch placed between two BGP peers is programmed exclusively with routes validated from a route server using RPKI. Randy’s talk, entitled “CrypTech and RPKI/Flow IX” is available for viewing, and the slides are available for download.


After watching, check out our page on BGPSEC to learn more about deploying BGPSEC and RPKI.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...