We introduce a family of authenticated data structures -Ordered Merkle Trees (OMT) -and illustrate their utility in security kernels for a wide variety of sub-systems. Specifically, the utility of two types of OMTs: a) the index ordered merkle tree (IOMT) and b) the range ordered merkle tree (ROMT), are investigated for their suitability in security kernels for various sub-systems of Border Gateway Protocol (BGP), the Internet's inter-autonomous system routing infrastructure. We outline simple

more »

... eneric security kernel functions to maintain OMTs, and sub-system specific security kernel functionality for BGP subsystems (like registries, autonomous system owners, and BGP speakers/routers), that take advantage of OMTs. KEYWORDS Security Kernels, Broader Gateway Protocol (BGP), Authenticated Data Structure (ADS) Ordered Merkel Tree An ADS [3, 4, 5, 6, 7] is a strategy for obtaining a concise cryptographic commitment for a set of records. Often, the commitment is the root of a hash tree. Any record can be verified against the commitment by performing a small number of hash operations. An ordered merkle tree (OMT) is an ADS that is derived as an extension of the better known merkle hash tree. Similar to a plain merkle tree, an OMT permits a resource (computation and storage) limited module to track the records in a dynamic database of any size, maintained by untrusted components of the associated sub-system. Using an OMT (instead of a plain merkle tree) permits the resource limited module to additionally infer a few other "useful holistic properties" regarding the database. For illustrating the broad utility of OMTs, we explore the security kernel functionality necessary for assuring the operation of various BGP sub-systems like IP and autonomous system (AS) registry/registrars, AS owners, and BGP speakers, etc.