The Resource Public Key Infrastructure (RPKI) is not as straightforward a solution for the security vulnerabilities of the internet’s Border Gateway Protocol (BGP) as many in the communications sector believe, according to a team of researchers from Germany.
In their recently released paper, RPKI: Not Perfect But Good Enough, Haya Schulmann and Niklas Vogel from Germany’s ATHENE National Research Center for Applied Cybersecurity and Goethe-Universität Frankfurt, along with Michael Waidner from ATHENE and Technische Universität Darmstadt, detail a significant range of issues related to RPKI that must still be resolved for it to reach its potential.
This research casts a shadow over the optimism expressed by the US White House Office of the National Cyber Director (ONCD), which last month released a roadmap urging US ISPs to accelerate the implementation of RPKI as a remedy for the widely recognized inadequacies of BGP security.
The fundamental issue with BGP, the protocol that underpins current internet routing, lies in its design, which the authors describe as lacking “cryptographic authentication of announcements.”
Simply put, service providers can unintentionally or purposefully misconfigure their systems, leading to the creation of false or misleading routes that can hijack or redirect Internet traffic, or even impersonate legitimate routing pathways.
This issue has been increasingly evident in recent years, with several incidents related to BGP routing, such as one notable case in 2018 concerning China Telecom. It was during this time that the U.S. government began to take a serious interest in BGP, which had mostly been a technical concern limited to engineers.
BGP lacks a mechanism for authenticating changes to routing. The introduction of RPKI over a decade ago aimed to address this gap by utilizing a digital record known as a Route Origin Authorization (ROA), which designates an ISP as having control over certain IP resources.
Route origin validation (ROV) is a process by which a router verifies whether an advertised route is recognized as authorized by the appropriate ROA certificate. In theory, this should prevent any unauthorized router from falsely claiming a route to which it is not entitled. RPKI serves as the foundational public key infrastructure that ensures the security of this framework.
For RPKI to function effectively, it requires a substantial increase in the adoption rate by ISPs, a process that has been progressing at a sluggish pace until recently.
Despite recognizing advancements, the researchers highlight more significant underlying issues. Many of these challenges mirror those encountered in any software development.
“Current RPKI implementations still demonstrate a lack of production-grade resilience and are susceptible to software vulnerabilities, inconsistent specifications, and operational hurdles, which raise serious security concerns,” the authors stated in their introduction.
Thus, RPKI necessitates a structured approach to address vulnerabilities. It requires tools for rectifying these vulnerabilities and needs a strategy to prevent any malicious code from infiltrating the development supply chain.
In the meantime, the authors noted that Internet Service Providers (ISPs) implementing the technology are lacking the necessary automated tools to address vulnerabilities as they emerge. This absence of automation compels ISPs to resort to manual methods, which often result in errors and sluggish connections due to misconfigurations.
According to the authors, “The deployments lack experience with full-fledged strict RPKI-validation in production environments and operate in fail-open test mode.”
They further explained that operating in “fail-open” mode lets invalid routes propagate even though they fail RPKI validation, akin to riding a bicycle with training wheels yet still managing to fall.
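To make the difference between route origin validation and a fail-open deployment concrete, the following Python is an added example, not code from the paper or from any RPKI implementation. It applies the valid / invalid / not-found rules of RFC 6811 to constructed validated ROA payloads, then contrasts a fail-open policy with a strict one. The function names, the documentation prefixes and AS numbers, and the choice to accept not-found routes in both modes are assumptions of the example.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: prefix, maximum announced length, authorized origin AS."""
    prefix: object
    max_length: int
    asn: int

def vrp(prefix, max_length, asn):
    return VRP(ipaddress.ip_network(prefix), max_length, asn)

# Constructed sample data: documentation prefixes and documentation AS numbers.
VRPS = [
    vrp("192.0.2.0/24", 24, 64496),
    vrp("203.0.113.0/24", 24, 64497),
    vrp("2001:db8::/32", 48, 64496),
]

def validate(prefix, origin_asn, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one announcement (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for v in vrps:
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != v.prefix.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        # A match needs the authorized origin AS and a length within maxLength.
        if v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    # Covered but never matched: wrong origin or too specific a prefix.
    return "invalid" if covered else "not-found"

def accept(prefix, origin_asn, vrps, strict):
    """Routing policy decision. Fail-open (strict=False) still installs invalid routes."""
    state = validate(prefix, origin_asn, vrps)
    if state == "invalid":
        return (not strict, state)
    # Assumption of this example: not-found routes are accepted in both modes.
    return (True, state)

if __name__ == "__main__":
    routes = [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
              ("203.0.113.0/25", 64497), ("198.51.100.0/24", 64496),
              ("2001:db8:1::/48", 64496)]
    for prefix, asn in routes:
        print(prefix, asn, accept(prefix, asn, VRPS, strict=False),
              accept(prefix, asn, VRPS, strict=True))
```

The second and third sample routes are the ones a fail-open router keeps forwarding: one has the wrong origin AS, the other is more specific than the ROA's maximum length allows.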
Moreover, there is a significant concern that malicious individuals may attempt to introduce backdoors into RPKI software.
“Given that all widely used RPKI software implementations are open source and welcome community code contributions, the potential risk of deliberate backdoors is significant in the realm of RPKI,” they clarified.
The authors argue that a software supply chain that produces such essential software for internet routing should undergo more rigorous testing and validation.
They do not present straightforward solutions to the existing issues with RPKI, acknowledging, “Expecting complete maturity before widespread deployment is a highly theoretical expectation; in practical terms, complete maturity and perfection do not exist, only varying degrees of adequacy.”
Essentially, they emphasize that the critical role of RPKI within the internet ecosystem warrants more focus than the average security initiative. It requires improved automation tools to assist in management and updates, along with heightened attention to the integrity of its software supply chain.
The White House roadmap has recalibrated public expectations, making it crucial for attention to be focused on this matter now. Up until now, RPKI has progressed smoothly. However, as government engagement grows, driven by the significant impact of internet routing on digital security, we are entering a phase that calls for improved implementation.