LACNIC


Advantages of the FORT Project’s RPKI Validator

30/07/2020

By Jorge Cano *

NIC Mexico’s research lab was created for the main purpose of helping the Internet grow. One of our activities consists of creating free open-source tools to help the Internet community. This means that everyone can use the source code of these tools at no cost within testing or production environments.

We are currently working on three projects, which I will present in chronological order of their creation: Jool, an implementation of NAT64 and SIIT for Linux that enables communication between IPv4 and IPv6 devices; RedDog, a framework that offers developers a quick and easy way to create RDAP servers; and FORT Validator, our most recent project, created together with LACNIC.

FORT Validator. FORT Validator is an implementation of an RPKI Relying Party; in other words, it comprises an RPKI validator and an RTR server. The validator is responsible for downloading the RPKI repositories and verifying the digital signatures to ensure that all the information related to route origin authorizations (ROAs) is authentic and has not been tampered with by malicious third parties. Once the validated information is available, it uses the RTR server to transmit this information to the routers. This helps avoid problems such as route hijacking, certain configuration errors, and BGP announcement leaks.

Problems such as route hijacking are extremely serious for Internet users, as they allow malicious attackers to access sensitive user information, including financial, banking, or personal information, all without the user noticing the issue or being able to do anything about it. Groups of cybercriminals, for example, have used route hijacking attacks to steal millions of dollars from cryptocurrency users.

Advantages. The most important concepts on which we chose to base the design and development of the FORT Project include the four listed below.

Security: Cybersecurity is extremely important to our team, which is why security has been a top priority since the initial stages of FORT. Our goal is for FORT to be as reliable and secure as possible for its users.

Performance: Another aspect we have focused on from early in the design stages is that FORT should be very efficient in its use of available hardware resources. The goal is for FORT to work even on small virtual machines or servers with limited resources.

Quality: Product quality is also something we have kept in mind across all stages of the FORT Project. We devoted a good part of the project’s implementation time to testing, not only to ensure that FORT was working properly, but also to assess other parameters such as usability, resilience, performance, and support.

Flexibility: We understand that not all operators have exactly the same needs, so our goal has been for FORT to be fully configurable. This means that it has an excellent default behavior, but if, for whatever reason, an operator wishes to make some adjustments to better integrate FORT into their infrastructure, they can easily do so.

FORT Validator is available to network operators anywhere in the world; they do not have to be members of any organization. All they need is for their infrastructure to include routers that are connected to the Internet and the desire to increase Internet browsing security and reliability for their clients.


* Expert at NIC México