by Cornelia Reitz, National Center for Applied Cybersecurity Research ATHENE
The ATHENE National Cybersecurity Research Center has found a way to crack one of the basic mechanisms used to secure internet traffic. The mechanism, called RPKI, is actually designed to prevent cyber criminals or government attackers from hijacking internet traffic.
Such redirects are surprisingly common on the Internet, for example for spying purposes or through misconfigurations. The ATHENE scientific team of Prof. Dr. Haya Shulman has shown that attackers can completely bypass the security mechanism without the affected network operators being able to detect it. According to the analyzes of the ATHENE team, popular RPKI implementations around the world were vulnerable in early 2021.
The team briefed the manufacturers and have now presented the results to an audience of international experts.
The misdirection of Internet traffic is causing a stir, as happened in March this year when Twitter traffic was partially diverted to Russia. Businesses or entire countries can be cut off from the internet or internet traffic can be intercepted or overheard.
From a technical point of view, these attacks are generally based on prefix hijacking. They exploit a fundamental design problem of the Internet: determining which IP address belongs to which network is insecure. To prevent any network on the Internet from claiming blocks of IP addresses that it does not rightfully own, the IETF, the organization responsible for the Internet, has standardized the Resource Public Key Infrastructure, RPKI.
RPKI uses digitally signed certificates to confirm that a specific block of IP addresses actually belongs to the specified network. Meanwhile, according to the ATHENE team’s measurements, almost 40% of all IP address blocks have an RPKI certificate, and around 27% of all networks verify these certificates.
As discovered by the ATHENE team led by Professor Haya Shulman, RPKI also has a design flaw: if a network cannot find a certificate for a block of IP addresses, it assumes that none exists. . To allow traffic to flow over the Internet anyway, this network will simply ignore RPKI for these blocks of IP addresses, i.e. routing decisions will be based solely on insecure information, as before. The ATHENE team was able to show experimentally that an attacker can create exactly this situation and thus deactivate RPKI without anyone noticing. In particular, the affected network, whose certificates are ignored, will not notice it either. The attack, dubbed Stalloris by the ATHENE team, requires the attacker to control a so-called RPKI publishing point. This is not a problem for state attackers and organized cybercriminals.
According to investigations by the ATHENE team, in early 2021, all popular products used by networks to verify RPKI certificates were vulnerable in this way. The team notified the makers of the attack.
Today, the team released its findings at two of the largest computer security conferences, the Usenix Security 2022 Science Conference and the Blackhat US 2022 Industry Conference. The work was a collaboration between researchers from contributors ATHENE Goethe University Frankfurt am Main, Fraunhofer SIT and Darmstadt University of Technology.
Measurement Tool for Emerging Border Gateway Protocol Security Technologies
Provided by the National Center for Applied Cybersecurity Research ATHENE
Quote: Team Demonstrates Basic Internet Security Mechanism Can Be Broken (2022, October 5) Retrieved October 5, 2022 from https://techxplore.com/news/2022-10-team-basic-mechanism-internet -broken.html
This document is subject to copyright. Except for fair use for purposes of private study or research, no part may be reproduced without written permission. The content is provided for information only.
#team #demonstrates #basic #mechanism #internet #security #broken