david wong

Hey ! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

List of terms from "Threat Model for BGP Path Security" December 2015

the Threat Model for BGP Path Security document lists, as RFCs usually do, relevant terms with their respective definitions. It can be a quick way to get an understanding of these abbreviations you often come across but never dare to google:

  • Autonomous System (AS): An AS is a set of one or more IP networks operated by a single administrative entity.

  • AS Number (ASN): An ASN is a 2- or 4-byte number issued by a registry to identify an AS in BGP.

  • Border Gateway Protocol (BGP): A path vector protocol used to convey "reachability" information among ASes in support of inter-domain routing.

  • False (Route) Origination: If a network operator originates a route for a prefix that the operator does not hold (and that has not been authorized to originate by the prefix holder), this is termed false route origination.

  • Internet Service Provider (ISP): An organization managing (and typically selling) Internet services to other organizations or individuals.

  • Internet Number Resources (INRs): IPv4 or IPv6 address space and ASNs.

  • Internet Registry: An organization that manages the allocation or distribution of INRs. This encompasses the Internet Assigned Number Authority (IANA), Regional Internet Registries (RIRs), National Internet Registries (NIRs), and Local Internet Registries (LIRs) (network operators).

  • Network Operator: An entity that manages an AS and thus emits (E)BGP updates, e.g., an ISP.

  • Network Operations Center (NOC): A network operator employs a set of equipment and a staff to manage a network, typically on a 24/7 basis. The equipment and staff are often referred to as the NOC for the network.

  • Prefix: A prefix is an IP address and a mask used to specify a set of addresses that are grouped together for purposes of routing.

  • Public Key Infrastructure (PKI): A PKI is a collection of hardware, software, people, policies, and procedures used to create, manage, distribute, store, and revoke digital certificates.

  • Relying Parties (RPs): An RP is an entity that makes use of signed products from a PKI, i.e., it relies on signed data that is verified using certificates and Certificate Revocation Lists (CRLs) from a PKI.

  • RPKI Repository System: The RPKI repository system consists of a distributed set of loosely synchronized databases.

  • Resource PKI (RPKI): A PKI operated by the entities that manage INRs and that issue X.509 certificates (and CRLs) that attest to the holdings of INRs.

  • RPKI Signed Object: An RPKI signed object is a data object encapsulated with Cryptographic Message Syntax (CMS) that complies with the format and semantics defined in [RFC6488].

  • Route: In the Internet, a route is a prefix and an associated sequence of ASNs that indicates a path via which traffic destined for the prefix can be directed. (The route includes the origin AS.)

  • Route Leak: A route leak is said to occur when AS-A advertises routes that it has received from AS-B to the neighbors of AS-A, but AS-A is not viewed as a transit provider for the prefixes in the route.
Well done! You've reached the end of my post. Now you can leave me a comment :)