Backdoors and DoS: What threatens the Internet due to 53 weaknesses of RPKI

Multiple vulnerabilities are found in the network security protocol.

Researchers from Germany have identified vulnerabilities and problems in the Resource Public Key Infrastructure (RPKI) protocol, which, according to the researchers, is not yet sufficiently stable or secure.

The RPKI protocol was created to address the shortcomings of the Border Gateway Protocol (BGP), which did not provide secure routing of Internet traffic. RPKI provides route verification through Route Origin Validation (ROV) and Route Origin Authorization (ROA) mechanisms, allowing network operators to verify the authenticity of BGP routes and advertisements. However, the authors of the report argue that RPKI does not yet fully fulfil its function.

In early September, the White House included RPKI in the network to reduce vulnerabilities and make the Internet more secure in terms of national security and the US economy. However, a new report has identified problems that raise doubts about the effectiveness of RPKI.

Experts have identified 53 vulnerabilities in RPKI software components, including DoS, authentication bypass, cache poisoning, and remote code execution. Although most of the vulnerabilities were promptly fixed, questions remain about the reliability of the fixes and the possible presence of other critical problems that have not yet been discovered.

The article also notes that RPKI in its current form is an attractive target for attackers, since the many vulnerabilities can have serious consequences for RPKI validation and can even open up access to the local network where the vulnerable software is installed.

One of the main concerns is the possibility of supply chain attacks, which could result in cybercriminals injecting backdoors into open RPKI components. In addition, many operators were found to have problems updating RPKI code because the process is not automated, which can slow down the rollout of patches. As a result, about 41.2% of RPKI users may be vulnerable to at least one of the known attacks.

Experts emphasize that the lack of automation and scaling tools can lead to incorrect settings, which compromises the effectiveness of the RPKI protocol. The researchers also ask, "Has the White House rushed to implement a protocol that has not yet reached full maturity?" At the same time, the authors admit that most Internet technologies were deployed before they were fully mature and were improved through use.

In conclusion, the researchers call for their work to be used as a roadmap for further improvement of the RPKI.
