{"id":836,"date":"2024-10-18T11:01:07","date_gmt":"2024-10-18T17:01:07","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/?p=836"},"modified":"2024-10-18T11:03:02","modified_gmt":"2024-10-18T17:03:02","slug":"rpki-insecurity","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/jacobson-cpsc\/2024\/10\/18\/rpki-insecurity\/","title":{"rendered":"RPKI Insecurity\u00a0"},"content":{"rendered":"\n

Recently, a team of researchers from Germany released a paper outlining the vulnerabilities of Resource Public Key Infrastructure (RPKI), the primary framework used to provide security for the Border Gateway Protocol (BGP) [2]. BGP is used for routing, and it is an alternative to Open Shortest Path First (OSPF). OSPF is generally used for routing within a smaller network controlled by one entity, or autonomous system (AS), while BGP is used for routing between these autonomous systems [1]. According to the researchers, 50% of the Internet\u2019s resources use RPKI for securing BGP [4]. <\/p>\n\n\n\n

The researchers identified a number of vulnerabilities with the framework, ranging from misconfigurations by those that employ the framework to malicious actors finding ways to get around the security it is supposed to provide. This announcement coincides with the US government\u2019s recent plan, announced in September 2024, to implement RPKI on all US ISPs and networks [2]. Before we get into the specifics, though, let\u2019s take a closer look at what BGP and RPKI are, to help us better understand these vulnerabilities. <\/p>\n\n\n\n

What is BGP? <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Source: https:\/\/upload.wikimedia.org\/wikipedia\/commons\/5\/5c\/AS-BGP.png<\/a> <\/p>\n\n\n\n

As mentioned earlier, BGP is used for routing information across the internet between different autonomous systems. These can be Internet Service Providers (ISPs), universities, companies, or other organizations [6]. Since it is primarily used for routing between autonomous systems, it is classified as an External Gateway Protocol (EGP). However, it can also be used for routing within an autonomous system, so it is a very flexible protocol. Compared to purely intra-domain routing systems, though, BGP is more complex to configure but it allows for more control over routing. It\u2019s also very scalable, as it can be used at the worldwide Internet level [1].  <\/p>\n\n\n\n

In order for an autonomous system to make use of BGP routing, network administrators will set up one of the routers to be a boundary router, or BGP peer. This router will send and receive routing information with its BGP peers through a TCP connection [6]. They exchange information on path attributes, such as hop count, monetary cost of routing, latency, and network congestion [5,6]. The boundary router will store this information in routing tables, building up a graph of all the autonomous systems around it. Even after the initial exchange of information, the BGP peers will continue to send information, including 19-byte keep-alive messages every 30 seconds [5]. The BGP router will update the routing table frequently with any new information it receives. Using this information, and the rules configured by the network administrator that give different weights to each path attribute, the BGP router will determine the best path [1,5]. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Source: https:\/\/upload.wikimedia.org\/wikipedia\/commons\/thumb\/3\/39\/BGP_process.svg\/2560px-BGP_process.svg.png<\/a>\u00a0<\/p>\n\n\n\n

BGP Vulnerabilities<\/p>\n\n\n\n

Like with many aspects of the Internet, the original protocol was not designed with security in mind. It was initially assumed that all BGP peers were trustworthy and that they would not provide incorrect information [3]. <\/p>\n\n\n\n

The primary vulnerability BGP is susceptible to is BGP hijacking [6]. This involves an AS sending false routing information to its peers, either accidentally or with malicious intentions. This information is then propagated beyond the initial group of peers to the wider Internet, causing a variety of problems. Malicious parties can use BGP hijacking to redirect users to their fake sites, stealing credentials or money. In 2018, a malicious group stole $100000 in cryptocurrency from unsuspecting individuals after they were able to reroute traffic intended for Amazon\u2019s DNS service [6]. Even accidental BGP hijacking can lead to a denial-of-service attack, such as in 2008 when a Pakistani ISP altered BGP routes to keep citizens from accessing YouTube. As with the malicious example, the false routes propagated beyond that Pakistani ISP AS, and it led to users around the world being denied access to YouTube [6]. Attackers can also alter routing to eavesdrop on communications or modify data in packets by putting themselves on-path [4,6]. <\/p>\n\n\n\n

Solution: Resource Public Key Infrastructure <\/p>\n\n\n\n

The main solution for BGP hijacking is authentication. RPKI provides authentication through public key cryptography and certificates. The organization will sign Route Origin Authorization certificate or ROA with their private key, and this will be used certify that a particular organization has the authority to communicate routing information for the IP addresses within its AS [2,6]. Other BGP routers will access the ROAs from a RPKI repository, either directly or through intermediate software called a Relying Party, and they will use Route Origin Validation (ROV) to verify that any routing information is coming from the authorized organization [4]. This makes it much more difficult for malicious parties to hijack BGP routing [3,6]. <\/p>\n\n\n\n

\n