Sunday, November 24, 2013

HotNets '13: On the Risk of Misbehaving RPKI Authorities


Presenter: Danny Cooper

RPKI is a new security architecture for BGP that can prevent malicious parties from originating routes for IP prefixes that don't belong to them; such attacks are called prefix and subprefix hijacks. The idea is to build a trusted mapping between ASes and their IP prefixes.

However, serious risks could exist if the RPKI authorities are misconfigured or compromised. This paper explores such risks from several angles and shows that the new architecture gives the authorities (such as the owner of the superset of IP prefixes) arbitrary power to reclaim IP prefixes unilaterally, while leaving the targeted ASes little power to protect themselves. The problem is even more severe if the authority and the targeted AS are separated by international borders.

In conclusion, this study shows that the new architecture introduces a completely new set of problems that researchers in this area should take note of.
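As an added illustration (not code from the talk or the paper), the sketch below applies the route origin validation rule of RFC 6811 to a constructed set of ROAs, showing how prefix and subprefix hijacks are rejected and how a legitimate route's state changes once an authority removes its ROA. The prefixes, AS numbers and the helper names `validate` and `after_revocation` are assumptions made for the example.

```python
import ipaddress

# Constructed sample ROAs: (prefix, maxLength, origin AS). Documentation
# prefixes and documentation AS numbers; not data from the talk or paper.
ROAS = [
    ("198.51.100.0/24", 24, 64500),   # the targeted AS's own ROA
    ("198.51.0.0/16", 16, 64496),     # covering ROA held by the parent authority
]

def validate(prefix, origin_as, roas):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'unknown'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered but never matched means invalid; no covering ROA means unknown.
    return "invalid" if covered else "unknown"

def after_revocation(roas, revoked_prefix):
    """ROA set as relying parties see it once an authority removes one ROA."""
    return [r for r in roas if r[0] != revoked_prefix]

if __name__ == "__main__":
    routes = [
        ("198.51.100.0/24", 64500, "legitimate origin"),
        ("198.51.100.0/24", 64511, "prefix hijack"),
        ("198.51.100.128/25", 64511, "subprefix hijack"),
    ]
    for prefix, asn, label in routes:
        print(f"{label:18} {prefix:20} AS{asn}: {validate(prefix, asn, ROAS)}")
    # The same legitimate route after the authority removes the /24 ROA.
    reduced = after_revocation(ROAS, "198.51.100.0/24")
    print("after ROA removal:", validate("198.51.100.0/24", 64500, reduced))
```

Because the parent's covering ROA remains, the legitimate route does not fall back to "unknown" after the removal; it becomes "invalid", which is the state a monitor would want to alert on.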

Q: What would happen if multiple trees were not allowed and only a single root of authority were allowed?
A: It doesn't change much, as someone can manipulate you in the upper layer.

Q: What happens if you have two valid certificates claiming the same segment?
A: Currently it doesn't provide mechanisms to deal with conflicts.

Q: Who will be the entities that do the monitoring work?
A: Anyone can run our current monitoring tools: universities, institutes.