Computer Science

Computer Science ›› 2026, Vol. 53 ›› Issue (6A): 251100048-7.doi: 10.11896/jsjkx.251100048

• Information Security • Previous Articles     Next Articles

Review of Evaluation Methods for Resource Public Key Infrastructure Deployment Levels

YANG Xue, JIANG Bowen, LIU Yongxiang, ZHANG Likun, DENG Guiying   

  1. China Internet Network Information Center,Beijing 100070,China
  • Online:2026-06-16 Published:2026-06-12
  • About author:YANG Xue,born in 1981,master,senior engineer.His main research interests include the domain name system,blockchain,IPv6,artificial intelligence and big data.
    DENG Guiying,born in 1979,master,engineer.Her main research interest is big data mining and analysis.

PDF (PC)

26

Abstract: RPKI(Resource Public Key Infrastructure),as a key mechanism for enhancing the security of the BGP(Border Gateway Protocol),directly affects the trustworthiness and resilience of the Internet routing system.Therefore,existing methods for evaluating RPKI deployment based on ROA(Route Origin Authorization) issuance rates are systematically reviewed,and it is pointed out that relying on a single metric makes it difficult to comprehensively reflect the actual deployment effectiveness.Perspectives such as authoritative DNS services,global traffic,and critical asset protection rates are introduced to compensate for these limitations,and the advantages and limitations of each perspective are comparatively analyzed.Analysis based on multidimensional data shows that global RPKI deployment has achieved phased progress,with significant effectiveness in critical infrastructure and core service layers,where more than 70% of authoritative DNS servers and nearly 80% of top global websites have been protected.However,the actual adoption rate of ROV(Route Origin Validation) filtering is only 21.15%,indicating a significant imbalance between resource-side deployment and network-side enforcement,and further advancement of RPKI deployment still requires coordinated efforts in technology,policy,and other aspects.

Key words: Border Gateway Protocol(BGP), Resource Public Key Infrastructure( RPKI), Routing security, Multi-dimensional evaluation

CLC Number: 

  • TP309
[1] NORDSTRÖM O,DOVROLIS C.Beware of BGP attacks[J].ACM SIGCOMM Computer Communication Review,2004,34(2):1-8.
[2] ZHAO M,SMITH W S,NICOL M D.Aggregated path authentication for efficient BGP security[C]//Proceedings of the 2004 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communications.2004:179-192.
[3] KENT T S,LYNN C,SEO K.Secure Border Gateway Protocol(S-BGP).[J].IEEE Journal on Selected Areas in Communications,2000,18(4):582-592.
[4] NICOL M D,SMITH W S,ZHAO M.Evaluation of efficient security for BGP route announcements using parallel simulation[J].Simulation Modelling Practice and Theory,2003,12(3):187-216.
[5] OORSCHOT V P,WAN T,KRANAKIS E.On interdomainrouting security and pretty secure BGP(psBGP)[J].ACM Transactions on Information and System Security,2007,10(3):11-es.
[6] GOLDBERG S,HALEVI S,JAGGARD D A,et al.Rationality and traffic attraction[J].ACM SIGCOMM Computer Communication Review,2008,38(4):267-278.
[7] GOLDBERG S,SCHAPIRA M,HUMMON P,et al.How secure are secure interdomain routing protocols[J].ACM SIGCOMM Computer Communication Review,2010,41(4):87-98.
[8] WÄHLISCH M,MAENNEL O,SCHMIDT C T.Towards de-tecting BGP route hijacking using the RPKI[J].ACM SIGCOMM Computer Communication Review,2012,42(4):103-104.
[9] HUSTON G.How we measure:RPKI ROA signing and Route Origination Validation [EB/OL].(2023-11-09) [2025-10-16] .https://blog.apnic.net/2023/11/09/how-we-measure-rpki-roa-signing-and-route-origination-validation/.
[10] HARISH C,KUMAR N C.MANRS Statistical analysis and adoption in india as a collaborative security tool[J].Journal of Cyber Security Technology,2023,7(4):181-198.
[11] STUCCHI M.Introducing MANRS ROA Stats Tool [EB/OL].(2021-07-23) [2025-10-16] .https://manrs.org/2021/07/introducing-manrs-roa-stats-tool/.
[12] European Union.Regulation(EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations(EC) No 1060/2009,(EU) No 648/2012,(EU) No 600/2014,(EU) No 909/2014 and(EU) 2016/1011(Text with EEA relevance) [EB/OL].(2022-12-14) [2025-10-16] .https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2555.
[13] KNIEPS G.Internet of Things,critical infrastructures,and thegovernance of cybersecurity in 5G network slicing[J].Telecommunications Policy,2024,48(10):102867.
[14] PATRICIA C,RUBEN C,NARSEO R V,et al.Measuring the Global Recursive DNS Infrastructure:A View From the Edge[J].IEEE Access,2019:7168020-168028.
[15] Kentik.Kentik and Internet2 Collaborate to Support HigherEducation Institutions with the Delivery of Online Instruction[N].Medical Letter on the CDC & FDA,2020-04-02(612).
[16] BIN L,CHUANG L,JIAN Q,et al.A NetFlow based flow ana-lysis and monitoring system in enterprise networks[J].Compu-ter Networks,2007,52(5):1074-1092.
[17] MADORY D,SNIJDERS J.Measuring RPKI ROV adoptionwith NetFlow [EB/OL].(2022-04-25) [2025-10-16] .https://www.kentik.com/blog/measuring-rpki-rov-adoption-with-netflow/.
[18] ANDERSEN M T,BHATTACHARYA J,LIU P.Resolving intergenerational conflict over the environment under the Pareto criterion[J].Journal of Environmental Economics and Management,2020,10:102290.
[19] HUSTON G.Measuring ROAs and ROV [EB/OL].(2021-03-24) [2025-10-16] .https://blog.apnic.net/2021/03/24/mea-suring-roas-and-rov/.
[20] Kentik.Breaking the 50% Barrier:an RPKI ROV Discussion with Job Snijders[EB/OL].[2025-10-16] .https://fast.wistia.com/embed/transcripts/qpfh2174t5.html.
[21] APNIC Labs.I-Rov Filtering Rate by Country [EB/OL].[2025-10-16] .https://stats.labs.apnic.net/rpki.
[22] LI P,LIU Y,SU J,et al.ROVReco:An ROV deployment re-commendation approach with GNN based on routing betweenness[J].Computer Networks,2025,271:111588.
[23] YU B,LIU X,WANG X.RPKI Defense Capability SimulationMethod Based on Container Virtualization[J].Applied Sciences,2024,14(18):8408.
[24] ZENG M,HUANG X,ZHANG P,et al.Improving Prefix Hija-cking Defense of RPKI From an Evolutionary Game Perspective[J].IEEE Transactions on Dependable and Secure Computing,2024,21(6):5170-5184.
[25] KÜNNEKE-TRENAMAN N.RPKI and the future of routingsecurity[J].Network Security,2019,2019(11):18-19.
[26] WANG C,CHEN S,WU H,et al.A trust enhancement model based on distributed learning and blockchain in service ecosystems[J].Journal of King Saud University - Computer and Information Sciences,2024,36(7):102147.
[27] QIN C Y,ZHANG Y,FANG B X.Survey on decentralized secu-rity-enhanced technologies for RPKI [J].Journal on Communications,2024,45(7):196-205.
[28] CAI X Q,DENG Y,ZHANG L,et al.The Principle and Core Technology of Blockchain [J].Chinese Journal of Computers,2021,44(1):84-131.
[29] WANG Q,LI F J,MA Z.Research onApplication of Blockchain in BGP Route Leakage Protection [J].Computer Engineering,2025,51(8):39-52.
[30] WANG Q,LI F J,NI X L,et al.Research onBlockchain-Based Inter-Domain Routing Security Enhancement [J].Journal of Frontiers of Computer Science and Technology,2024,18(12):3144-3174.
[31] LI Q,LIU J,HU Y,et al.BGP with BGPsec:Attacks and Countermeasures[J].IEEE Network,2019,33(4):194-200.
[32] AZIMOV A,USKOV E,BUSH R,et al.A Profile for Autonomous System Provider Authorization[EB/OL].https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-profile/04/.
[33] BAO Z,MA D,MAO W,et al.Improved BGPPath Protection Mechanism Based on RPKI-ASPA [J].Computer Systems & Applications,2022,31(2):316-324.
[34] JANG S,KO N,KYUNG Y,et al.Network function parallelism configuration with segment routing over IPv6 based on deep reinforcement learning[J].ETRI Journal,2024,47(2):278-289.
[35] VALSECCHI S D A V,DIAS S F L,RIERA R,et al.Network of uncertainties:Network meta-analyses often does not mention key methodological components.[J].Journal of Evaluation in Clinical Practice,2024,31(5):e14170.
[36] WEI M,ZHAO Q,LEI B,et al.FedACT:An adaptive chained training approach for federated learning in computing power networks[J].Digital Communications and Networks,2024,10(6):1576-1589.
[37] PAN C,LU H,SHI H,et al.Inverse Coupled Simulated Annealing for Enhanced OSPF Convergence in IoT Networks[J].Electronics,2024,13(22):4332.
[1] LENG Feng, ZHANG Ming-kai, YAN Zhi-wei, ZHANG Cui-ling, ZENG Yu. Application of Chinese Cryptographic Algorithm in RPKI [J]. Computer Science, 2021, 48(11A): 678-681.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.