Stalloris: RPKI Downgrade Attack

Presented at Black Hat USA 2022, Aug. 10, 2022, 2:30 p.m. (30 minutes)

The recent hijack of a Twitter prefix by RTCOMM demonstrated the central role of RPKI in Internet routing security: RPKI-based filtering (Route Origin Validation, ROV) by major networks limited the propagation of the hijacked prefix.

We demonstrate the first downgrade attacks against RPKI, which allow remote adversaries to disable RPKI validation and hence expose networks to prefix hijacks. In our attacks a malicious RPKI publication point stalls the relying party implementations, disabling RPKI validation on the networks that depend on them.

We show that all the current RPKI relying party implementations are vulnerable to attacks by a malicious publication point. This translates to 20.4% of the IPv4 address space.

We provide recommendations for preventing our downgrade attacks. However, resolving the fundamental problem is not straightforward: if the relying parties prefer security over connectivity and insist on RPKI validation when ROAs cannot be retrieved, the victim AS may become disconnected from many more networks than just the one that the adversary wishes to hijack. Our work shows that the publication points are a critical infrastructure for Internet connectivity and security. Our main recommendation is therefore that the publication points should be hosted on robust platforms guaranteeing a high degree of connectivity.
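To make the connectivity-versus-security trade-off concrete, here is an added illustration (not code from the talk or from any relying party implementation) that models RFC 6811 origin validation over a set of Validated ROA Payloads grouped by publication point. The publication point names, AS numbers and prefixes are constructed; a stalled publication point is modelled as contributing no VRPs to the refreshed set, and two router policies are compared for both the legitimate announcement and a hypothetical hijack of the same prefix.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class VRP:  # Validated ROA Payload: prefix, maxLength, authorised origin AS
    prefix: str
    max_length: int
    asn: int

def rov_state(route_prefix: str, origin_asn: int, vrps) -> str:
    """RFC 6811 route origin validation: Valid, Invalid or NotFound."""
    net = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        roa = ipaddress.ip_network(v.prefix)
        if net.version != roa.version or not net.subnet_of(roa):
            continue
        covered = True  # at least one ROA covers this route
        if v.asn == origin_asn and net.prefixlen <= v.max_length:
            return "Valid"
    return "Invalid" if covered else "NotFound"

# Constructed sample: VRPs keyed by the publication point they are fetched from.
# AS64500 is the hypothetical victim origin, AS64666 the hypothetical hijacker.
PUB_POINTS = {
    "pp-victim.example": [VRP("192.0.2.0/24", 24, 64500)],
    "pp-other.example": [VRP("198.51.100.0/24", 24, 64501)],
}
def refresh(stalled: set) -> list:
    """VRPs after a refresh in which the points in `stalled` never answered:
    a stalled point contributes nothing, so its prefixes lose their ROAs."""
    return [v for pp, vrps in PUB_POINTS.items() if pp not in stalled for v in vrps]

def accepts(state: str, router_policy: str) -> bool:
    """Router filtering policy applied to the ROV state of a route."""
    if router_policy == "drop-invalid":          # common deployment: NotFound is accepted
        return state != "Invalid"
    if router_policy == "insist-on-validation":  # only a Valid state is accepted
        return state == "Valid"
    raise ValueError(router_policy)

def downgrade_demo() -> dict:
    """Map (RP condition, router policy) -> (hijack accepted?, legitimate route accepted?)."""
    conditions = {"healthy": refresh(set()), "stalled": refresh({"pp-victim.example"})}
    results = {}
    for condition, vrps in conditions.items():
        for policy in ("drop-invalid", "insist-on-validation"):
            hijack = rov_state("192.0.2.0/24", 64666, vrps)
            legit = rov_state("192.0.2.0/24", 64500, vrps)
            results[(condition, policy)] = (accepts(hijack, policy), accepts(legit, policy))
    return results
```

With the victim's publication point stalled, the drop-invalid router accepts the hijack because the route has degraded to NotFound, while the router that insists on validation rejects the hijack but also the legitimate announcement, which is the disconnection the abstract warns about.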


Presenters:

  • Tomas Hlavacek - PhD Student, Technische Universität Darmstadt & Fraunhofer Institute for Secure Information Technology SIT
    Tomas Hlavacek is a PhD Student at the Technische Universität Darmstadt, working on Internet Routing Security. His focus is RPKI and descendant technologies. He is active in the internet community, helping to operate both commercial and not-for-profit experimental infrastructure and to develop software for critical infrastructure of the Internet.
  • Donika Mirdita - PhD Student, Technische Universität Darmstadt & Fraunhofer Institute for Secure Information Technology (SIT)
    Donika Mirdita is a PhD Candidate at the Technische Universität Darmstadt. Her research focus is network security. 
  • Michael Waidner - Professor for Computer Science, Technische Universität Darmstadt
    Michael Waidner is the Director of the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) and Professor (Chair) for Security in IT at Technische Universität Darmstadt. He is also the CEO of the National Research Center for Applied Cyber Security ATHENE. Since 2017 he has also been the Chief Digital Officer (CDO) of the city of Darmstadt. With more than 130 publications, Michael Waidner is one of the preeminent scientists in IT security. He is an IEEE Fellow and ACM Distinguished Scientist. He received his PhD from the University of Karlsruhe (now known as KIT). Until 2010, he was an IBM Distinguished Engineer and the Chief Technology Officer for Security, responsible for the technical security strategy and architecture of the IBM Corporation. Before that, he headed security research at IBM Zurich Research Laboratory in Rüschlikon, Switzerland.
  • Haya Shulman - Professor, Goethe-Universität Frankfurt and Fraunhofer SIT
    Prof. Dr. Haya Shulman is a full professor for Computer Science at the Johann Wolfgang Goethe-Universität Frankfurt, and the director of the Cybersecurity Analytics and Defenses department at the Fraunhofer Institute for Secure Information Technology SIT in Darmstadt. She is also a member of the Board of Directors of the National Research Center for Applied Cybersecurity ATHENE and head of the Analytics-Based Cybersecurity research area of ATHENE. She is also a director of the Fraunhofer Innovation Platform for Cybersecurity at the Hebrew University of Jerusalem in Israel, where she holds the position of a visiting professor.

    Haya Shulman has extensive experience in applied cybersecurity research, in industry and academia.

    She is author of more than 90 scientific articles published at top scientific conferences and journals. She serves on the program committees of several of the top scientific conferences and on the editorial boards of the ACM Computing Surveys and the ACM Transactions on Privacy and Security (TOPS) journals. In 2021 she chaired the program committee of the European flagship conference for cybersecurity, ESORICS. Dr. Shulman received numerous awards and prizes for her scientific work. Most notably, in 2022 the State of Hesse awarded her with a LOEWE-Spitzen-Professur and a research grant of 2.18 Million Euro, and in 2021 she received the Deutsche IT-Sicherheitspreis of the Horst Goertz Foundation, the most prestigious award for cybersecurity innovations in Germany.

    Haya Shulman is a frequent speaker at business and technology conferences. She writes articles for the leading German newspaper "Frankfurter Allgemeine Zeitung" and a regular column on cybersecurity for the Background Cybersecurity of the "Tagesspiegel" newspaper.

    In addition to her personal research and technical work she is strongly engaged in activities helping cybersecurity startups and in increasing the number of women in cybersecurity. She founded the German-Israeli Partnership Accelerator for cybersecurity in Darmstadt and Jerusalem. Haya Shulman started the "Women in Cybersecurity" series of Fraunhofer SIT, and she is a member of the advisory board of "She Transforms IT".
  • Philipp Jeitner - Network Security Researcher, Fraunhofer Institute for Secure Information Technology (SIT)
    Philipp Jeitner is a Security Researcher at the German national research center for applied cybersecurity ATHENE. Through his work, Philipp's aim is to make the Internet more secure by identifying vulnerabilities and demonstrating attacks to motivate the deployment of defenses.
