2024
Conference Paper
Title
Poster: Kill Krill or Proxy RPKI
Abstract
Resource Public Key Infrastructure (RPKI), designed to protect Internet routing from hijacks, is gaining traction: over 50% of prefixes have digital certificates, and at least 27% of Autonomous Systems actively validate certificates against BGP announcements and filter invalid routing announcements. In this study, we present the first security analysis of Krill, the only public and open-source RPKI publication point software. Publication points are hosted by the five Regional Internet Registries across the globe, or by independent Internet operators that wish to manage their own RPKI repositories.
Through a detailed investigation of Krill, involving API, command line, configuration parsing, and static code analysis, we identify significant vulnerabilities such as transient dependencies and Denial-of-Service (DoS) exploits. Our key findings reveal Krill's susceptibility to path traversal attacks when Nginx proxies are misconfigured, and a DoS vulnerability stemming from the h2 Rust library. We develop an attack vector that exploits the Rust library vulnerability, which leads to a 350x performance degradation. Our results indicate that RPKI is not yet production-grade, as its main component, the publication points, which host the RPKI objects, are vulnerable to information leaks and DoS attacks.