Activating validation services for route origin, TWNIC continues to safeguard Internet routing security with RPKI

Activating validation services for route origin, TWNIC continues to safeguard Internet routing security with RPKI

People are growingly reliant on the Internet for work, school and daily activities. The impact to people’s life will be unthinkable should the Internet suddenly stop working. Border Gateway Protocol (BGP) is one of the key elements that allow the Internet to maintain smooth operation. BGP hijacking, whether as a result of intentional attack by hackers or unintentional configuration errors, causes disruption to Internet services and even threats to information security. There can be serious consequences, so every government agency, private corporation and individual are obligated to prevent this from happening.

The Taiwan Network Information Center (TWNIC) has been actively promoting Resource Public Key Infrastructure (RPKI) with an aim to enhance Internet routing security since the official signing of TWNIC RPKI Certificate Authority (CA) with the Asia Pacific Network Information Center (APNIC) on September 28, 2018. This is to address security concerns caused by IP address prefix errors. Using RPKI, legitimate holders of number resources are able to control the operation of Internet routing protocols to prevent route hijacking and other attacks.

After two years of efforts, 98% of Taiwan’s IP address holders have completed the setting of RPKI Route Origin Authorization (ROA) in routers, the highest rate among the top 100 on the list of countries by IP address allocations. This marks the successful completion of TWNIC’s phase-one work of the RPKI project. To mark the achievement and to kick off the second phase of the project, TWNIC held Taiwan RPKI Day on September 28, 2020. At the event, TWNIC launched the RPKI Validator service and 46 IP members connected to the Validator server to test the service. They activated the RPKI function of the routers and connected to the TWNIC Validator server, after