SoK: An Introspective Analysis of RPKI Security
- URL: http://arxiv.org/abs/2408.12359v1
- Date: Thu, 22 Aug 2024 12:57:09 GMT
- Title: SoK: An Introspective Analysis of RPKI Security
- Authors: Donika Mirdita, Haya Schulmann, Michael Waidner
- Abstract summary: The Resource Public Key Infrastructure (RPKI) is the main mechanism to protect inter-domain routing with BGP from prefix hijacks.
Almost half of all the global prefixes are now covered by RPKI and measurements show that 27% of networks are already using RPKI to validate BGP announcements.
- Score: 19.075820340282938
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The Resource Public Key Infrastructure (RPKI) is the main mechanism to protect inter-domain routing with BGP from prefix hijacks. It has already been widely deployed by large providers and the adoption rate is getting to a critical point. Almost half of all the global prefixes are now covered by RPKI and measurements show that 27% of networks are already using RPKI to validate BGP announcements. Over the past 10 years, there has been much research effort in RPKI, analyzing different facets of the protocol, such as software vulnerabilities, robustness of the infrastructure or the proliferation of RPKI validation. In this work we compile the first systemic overview of the vulnerabilities and misconfigurations in RPKI and quantify the security landscape of the global RPKI deployments based on our measurements and analysis. Our study discovers that 56% of the global RPKI validators suffer from at least one documented vulnerability. We also do a systematization of knowledge for existing RPKI security research and complement the existing knowledge with novel measurements in which we discover new trends in availability of RPKI repositories, and their communication patterns with the RPKI validators. We weave together the results of existing research and our study, to provide a comprehensive tableau of vulnerabilities, their sources, and to derive future research paths necessary to prepare RPKI for full global deployment.
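The abstract's phrase "using RPKI to validate BGP announcements" refers to Route Origin Validation (RFC 6811): a router compares each announcement's prefix and origin AS against the Validated ROA Payloads (VRPs) its relying-party validator exports. The following is an added example, not code from this paper or from any relying-party implementation. It implements the RFC 6811 decision procedure over a constructed VRP set (documentation prefixes, private and AS0 origins) and ends with a check of what happens when the validator fails and delivers no VRPs at all, which is the "downgrade" effect that the validator vulnerabilities counted in the abstract lead to. All names (`Vrp`, `validate_origin`, `SAMPLE_VRPS`, `downgrade_demo`) are assumptions introduced for the illustration.

```python
"""Route Origin Validation (RFC 6811) over a constructed set of VRPs.

Added example: not code from the paper or from any RPKI relying-party
software. Prefixes are RFC 5737/3849 documentation space and ASNs are
from the private range, so nothing here reflects real routing data.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from typing import Union
import ipaddress

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class RovState(Enum):
    VALID = "valid"
    INVALID = "invalid"
    NOT_FOUND = "not-found"


@dataclass(frozen=True)
class Vrp:
    """Validated ROA Payload: the (prefix, maxLength, ASN) triple a relying
    party derives from a ROA and pushes to routers over RTR."""
    prefix: IPNetwork
    max_length: int
    asn: int


def make_vrp(prefix: str, max_length: int, asn: int) -> Vrp:
    """Build a VRP, rejecting a maxLength shorter than the prefix or longer
    than the address family allows (RFC 6482 constrains it this way)."""
    net = ipaddress.ip_network(prefix, strict=True)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} out of range for {net}")
    return Vrp(net, max_length, asn)


def validate_origin(prefix: str, origin_asn: int, vrps: list[Vrp]) -> RovState:
    """RFC 6811 section 2: Valid if some covering VRP matches the origin ASN
    and the announced length does not exceed that VRP's maxLength; Invalid if
    covering VRPs exist but none matches; NotFound if no VRP covers the route."""
    route = ipaddress.ip_network(prefix, strict=True)
    covering = [
        v for v in vrps
        if v.prefix.version == route.version and route.subnet_of(v.prefix)
    ]
    if not covering:
        return RovState.NOT_FOUND
    for v in covering:
        # An AS0 VRP never matches a real origin, so it only ever adds
        # coverage; that is what makes AS0 ROAs a "do not route" signal.
        if v.asn == origin_asn and route.prefixlen <= v.max_length:
            return RovState.VALID
    return RovState.INVALID


def router_accepts(state: RovState) -> bool:
    """The common ROV policy: drop Invalid, accept Valid and NotFound.
    NotFound has to be accepted because many prefixes still have no ROA."""
    return state is not RovState.INVALID


# Constructed VRP set, shaped like what a relying party would export.
SAMPLE_VRPS = [
    make_vrp("192.0.2.0/24", 24, 64496),    # customer prefix, exact length only
    make_vrp("2001:db8::/32", 48, 64496),   # IPv6 aggregate, /48 more-specifics allowed
    make_vrp("198.51.100.0/24", 24, 0),     # AS0 ROA: nobody may originate this
]


def downgrade_demo(hijack_prefix: str, hijacker_asn: int) -> tuple[bool, bool]:
    """Effect of a failed validator. With the real VRP set the hijack is
    Invalid and dropped; if the validator crashed or its cache is empty, the
    same announcement is NotFound and the router accepts it."""
    with_vrps = router_accepts(validate_origin(hijack_prefix, hijacker_asn, SAMPLE_VRPS))
    without_vrps = router_accepts(validate_origin(hijack_prefix, hijacker_asn, []))
    return with_vrps, without_vrps


if __name__ == "__main__":
    checks = [
        ("192.0.2.0/24", 64496),     # valid: exact match
        ("192.0.2.0/24", 64511),     # invalid: wrong origin (a hijack)
        ("192.0.2.0/25", 64496),     # invalid: right origin, exceeds maxLength
        ("203.0.113.0/24", 64511),   # not-found: no ROA covers it
        ("2001:db8:1::/48", 64496),  # valid: within maxLength 48
        ("198.51.100.0/24", 64496),  # invalid: only an AS0 VRP covers it
    ]
    for p, a in checks:
        print(f"{p:18} AS{a:<6} -> {validate_origin(p, a, SAMPLE_VRPS).value}")
    print("hijack accepted (with VRPs, without VRPs):", downgrade_demo("192.0.2.0/24", 64511))
```

The `("192.0.2.0/25", 64496)` case is the one operators most often get wrong: a legitimate origin announcing a more-specific beyond the ROA's maxLength is Invalid, not merely NotFound. The last line is the point of the abstract's validator statistics: a router only ever sees what its validator delivers, so a validator that crashes, hangs or serves an empty cache silently turns every Invalid into NotFound and the hijack is accepted.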
Related papers
- On the Security of a Code-Based PIR Scheme [1.3812010983144802]
CB-cPIR is a pioneering effort to base PIR schemes on hard problems in coding theory.
Our research reveals a critical vulnerability in CB-cPIR, substantially diminishing its security levels.
arXiv Detail & Related papers (2025-07-25T14:12:00Z)
- Pruning the Tree: Rethinking RPKI Architecture From The Ground Up [2.340368527699536]
Resource Public Key Infrastructure (RPKI) is a critical security mechanism for BGP.
RPKI design heavily reuses legacy PKI components, such as X.509 EE-certificates, ASN.1 encoding, and XML-based repository protocols.
We show that these design choices, although based on established standards, create significant performance bottlenecks, increase the vulnerability surface, and hinder scalability for wide-scale Internet deployment.
arXiv Detail & Related papers (2025-07-02T08:24:50Z)
- Federated Learning for Cyber Physical Systems: A Comprehensive Survey [49.54239703000928]
Federated learning (FL) has become increasingly popular in recent years.
The article scrutinizes how FL is utilized in critical CPS applications, e.g., intelligent transportation systems, cybersecurity services, smart cities, and smart healthcare solutions.
arXiv Detail & Related papers (2025-05-08T01:17:15Z)
- In-House Evaluation Is Not Enough: Towards Robust Third-Party Flaw Disclosure for General-Purpose AI [93.33036653316591]
We call for three interventions to advance system safety.
First, we propose using standardized AI flaw reports and rules of engagement for researchers.
Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs.
Third, we advocate for the development of improved infrastructure to coordinate distribution of flaw reports.
arXiv Detail & Related papers (2025-03-21T05:09:46Z)
- RPKI: Not Perfect But Good Enough [18.399905446335904]
The Resource Public Key Infrastructure protocol was standardized to add cryptographic security to Internet routing.
The White House indicated in its Roadmap to Enhance Internet Security, on 4 September 2024, that RPKI is a mature and readily available technology for securing inter-domain routing.
This work presents the first comprehensive study of the maturity of RPKI as a viable production-grade technology.
arXiv Detail & Related papers (2024-09-22T16:21:14Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Byzantine-Secure Relying Party for Resilient RPKI [17.461853355858022]
We develop BRP, a Byzantine-Secure relying party implementation.
We show through simulations and experiments that BRP, as an intermediate RPKI service, results in less load on RPKI publication points and a robust output despite RPKI repository failures, jitter, and attacks.
arXiv Detail & Related papers (2024-05-01T14:04:48Z)
- Against The Achilles' Heel: A Survey on Red Teaming for Generative Models [60.21722603260243]
Our extensive survey, which examines over 120 papers, introduces a taxonomy of fine-grained attack strategies grounded in the inherent capabilities of language models.
We have developed the "searcher" framework to unify various automatic red teaming approaches.
arXiv Detail & Related papers (2024-03-31T09:50:39Z)
- Secure Authentication Mechanism for Cluster based Vehicular Adhoc Network (VANET): A Survey [1.0070449177493677]
Vehicular Ad Hoc Networks (VANETs) play a crucial role in Intelligent Transportation Systems (ITS) by facilitating communication between vehicles and infrastructure.
This survey paper presents a comprehensive analysis of existing authentication mechanisms proposed for cluster-based VANETs.
The integration of secure key management techniques is discussed to enhance the overall authentication process.
arXiv Detail & Related papers (2023-12-20T10:58:43Z)
- The CURE To Vulnerabilities in RPKI Validation [19.36803276657266]
RPKI has seen increasing adoption, with now 37.8% of the major networks filtering bogus BGP routes.
We report a total of 18 vulnerabilities that can be exploited to downgrade RPKI validation in border routers.
We generate over 600 million test cases and tested all popular RPs on them.
arXiv Detail & Related papers (2023-12-04T13:09:37Z)
- Zero-Knowledge Proof-based Verifiable Decentralized Machine Learning in Communication Network: A Comprehensive Survey [31.111210313340454]
Decentralized approaches to machine learning introduce challenges related to trust and verifiability.
We present a comprehensive review of Zero-Knowledge Proof-based Verifiable Machine Learning (ZKP-VML)
arXiv Detail & Related papers (2023-10-23T12:15:23Z)
- Is Vertical Logistic Regression Privacy-Preserving? A Comprehensive Privacy Analysis and Beyond [57.10914865054868]
We consider vertical logistic regression (VLR) trained with mini-batch descent gradient.
We provide a comprehensive and rigorous privacy analysis of VLR in a class of open-source Federated Learning frameworks.
arXiv Detail & Related papers (2022-07-19T05:47:30Z)
- Deep Learning for Face Anti-Spoofing: A Survey [74.42603610773931]
Face anti-spoofing (FAS) has lately attracted increasing attention due to its vital role in securing face recognition systems from presentation attacks (PAs)
arXiv Detail & Related papers (2021-06-28T19:12:00Z)
- Predicting Deep Neural Network Generalization with Perturbation Response Curves [58.8755389068888]
We propose a new framework for evaluating the generalization capabilities of trained networks.
Specifically, we introduce two new measures for accurately predicting generalization gaps.
We attain better predictive scores than the current state-of-the-art measures on a majority of tasks in the Predicting Generalization in Deep Learning (PGDL) NeurIPS 2020 competition.
arXiv Detail & Related papers (2021-06-09T01:37:36Z)
- Privacy-preserving Traffic Flow Prediction: A Federated Learning Approach [61.64006416975458]
We propose a privacy-preserving machine learning technique named Federated Learning-based Gated Recurrent Unit neural network algorithm (FedGRU) for traffic flow prediction.
FedGRU differs from current centralized learning methods and updates universal learning models through a secure parameter aggregation mechanism.
It is shown that FedGRU's prediction accuracy is 90.96% higher than the advanced deep learning models.
arXiv Detail & Related papers (2020-03-19T13:07:49Z)
This list is automatically generated from the titles and abstracts of the papers in this site.