By Cornelia Ritz, Nationales Forschungszentrum für angewandte Cybersicherheit ATHENE
The National Research Center for Applied Cybersecurity ATHENE has found a way to break one of the basic mechanisms used to secure Internet traffic. The mechanism, called RPKI, is actually designed to prevent cybercriminals or state attackers from diverting Internet traffic.
Such redirections are surprisingly common on the Internet, for example for espionage or as a result of misconfiguration. The ATHENE team of scientists led by Prof. Dr. Haya Shulman has shown that attackers can completely bypass the security mechanism without the affected network operators being able to detect it. According to the ATHENE team's analysis, popular implementations of RPKI worldwide were vulnerable as of early 2021.
The team has informed the manufacturers, and has now presented the results to an international expert audience.
Misdirection of parts of Internet traffic causes an uproar, as happened in March of this year when Twitter traffic was partially diverted to Russia. Entire companies or countries can be cut off from the Internet, or Internet traffic can be intercepted or eavesdropped on.
From a technical point of view, these attacks are usually based on prefix hijacks. They exploit a fundamental design problem of the Internet: the determination of which IP addresses belong to which network is not secured. To prevent any network on the Internet from claiming blocks of IP addresses that it does not legitimately own, the IETF, the organization responsible for the Internet, has standardized the Resource Public Key Infrastructure, the RPKI.
RPKI uses digitally signed certificates to confirm that a particular IP address block actually belongs to the specified network. Meanwhile, according to measurements made by the ATHENE team, nearly 40% of all IP address blocks have an RPKI certificate, and about 27% of all networks verify these certificates.
As the ATHENE team led by Prof. Dr. Haya Shulman discovered, RPKI also has a design flaw: if a network cannot find a certificate for an IP address block, it assumes that none exists. To allow traffic to flow on the Internet anyway, this network will simply ignore RPKI for such IP address blocks, that is, routing decisions will be based only on unsecured information, as before. The ATHENE team was able to show experimentally that an attacker can create exactly this situation and thus disable RPKI without anyone noticing. In particular, the affected network, whose certificates are ignored, will not notice either. The attack, which the ATHENE team dubbed Stalloris, requires the attacker to control a so-called RPKI publication point. This is not a problem for state attackers and organized cybercriminals.
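The fallback described above, as an added example that is not code from the ATHENE team or from any RPKI product: route origin validation in the style of RFC 6811, run once against a complete set of validated certificate entries (VRPs) and once against the same set with one entry missing, plus a check a network operator could run to spot routes that silently changed from "invalid" to "not-found". The function names, prefixes and AS numbers are constructed for illustration.

```python
import ipaddress

def validate(prefix, origin_asn, vrps):
    """Origin validation: returns 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True  # at least one entry covers this route
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # No covering entry at all means RPKI has no opinion: the route is accepted
    return "invalid" if covered else "not-found"

def silent_downgrades(vrps_before, vrps_after, routes):
    """Routes that were 'invalid' and became 'not-found' after entries vanished."""
    hits = []
    for prefix, asn in routes:
        if (validate(prefix, asn, vrps_before) == "invalid"
                and validate(prefix, asn, vrps_after) == "not-found"):
            hits.append((prefix, asn))
    return hits

# Constructed sample data (documentation prefixes and AS numbers)
VRPS_FULL = [("192.0.2.0/24", 24, 64496), ("198.51.100.0/24", 24, 64497)]
# The same cache after the certificate for the first block could not be retrieved
VRPS_DEGRADED = [("198.51.100.0/24", 24, 64497)]
ROUTES = [
    ("192.0.2.0/24", 64496),     # legitimate origin
    ("192.0.2.0/24", 64511),     # wrong origin for this block
    ("198.51.100.0/24", 64497),  # unaffected block
]

if __name__ == "__main__":
    for label, vrps in (("full", VRPS_FULL), ("degraded", VRPS_DEGRADED)):
        for prefix, asn in ROUTES:
            print(label, prefix, f"AS{asn}", validate(prefix, asn, vrps))
    print("downgraded:", silent_downgrades(VRPS_FULL, VRPS_DEGRADED, ROUTES))
```

Comparing consecutive snapshots of the validated cache in this way surfaces the disappearance that the validation result alone hides.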
According to investigations by the ATHENE team, at the beginning of 2021, all popular products used by networks to verify RPKI certificates were vulnerable in this way. The team reported the attack to the manufacturers.
Now the team has published its findings at two of the most important conferences in the field of IT security, the scientific conference USENIX Security 2022 and the industry conference Black Hat USA 2022. The work was a collaboration between researchers from the ATHENE contributors Goethe University Frankfurt am Main, Fraunhofer SIT and Darmstadt University of Technology.
Submitted by Nationales Forschungszentrum für angewandte Cybersicherheit ATHENE
Citation: Team Explains That The Basic Mechanism Of Internet Security Can Be Broken (2022, Oct 5), retrieved Oct 5, 2022 from https://techxplore.com/news/2022-10-team-basic-mechanism-internet-broken.html