How do we build an open hardware security module that’s verifiably secure? Can we use OpenFlow and BGP RPKI to enforce route validation in the data plane? In this two-part lightning talk, Randy Bush introduces two projects he and others have started. The first project is cryptech.is, an open reference design for hardware security modules that aims to be secure from government and private-party intrusion. Randy lays out the goals of the project and solicits help from the community. The second project is a BGPSEC experiment being carried out in a New Zealand IXP. In the experiment, an OpenFlow switch placed between two BGP peers is programmed exclusively with routes validated from a route server using RPKI. Randy’s talk, entitled “CrypTech and RPKI/Flow IX”, is available for viewing, and the slides are available for download.
After watching, check out our page on BGPSEC to learn more about deploying BGPSEC and RPKI.