February 7, 2025
Doctoral Thesis
Title

Breaking it down to build it back up: Attacks and Defenses for RPKI

Abstract
The Border Gateway Protocol (BGP) is the glue that holds the Internet together and enables packets to reach their destinations. However, BGP is not secure by design. It is vulnerable to hijacking attacks and route leaks, and the community has tried for decades to find a solution for this design error. The Resource Public Key Infrastructure (RPKI) has emerged as the only currently feasible solution to BGP's woes. It is an intuitive, flexible infrastructure that allows any BGP security protocol that relies on distributed, cryptographically verifiable data to be incorporated and effectively deployed across BGP routers. RPKI already covers over 50% of network prefixes and is deployed by at least 27% of networks in the world. It has already proven its benefits over the past few years during many BGP hijacks, which went unnoticed by those deploying RPKI but caused severe consequences for those who didn't. RPKI has proven itself so successful that the Federal Communications Commission (FCC) published a recommendation on routing security in which it suggested mandating the use of RPKI for all major ISPs in the US. However, not all that glitters is gold. While RPKI is an excellent approach to solving the security issues of BGP, it is not perfect. In this work, the author evaluates the security of the RPKI ecosystem as a whole, and that of each RPKI software component individually. The author discovers a range of attacks that lead to the silent downgrade of RPKI protection or to the Denial-of-Service (DoS) of RPKI components, and evaluates current RPKI deployment practices, only to discover trends that are concerning when extrapolated to full RPKI deployment. Finally, this work also provides the first attempt to mitigate all of the above-mentioned RPKI issues through a distributed infrastructure that enhances RPKI component security and efficiency and is backwards compatible with the current RPKI environment.
This thesis is based on work published in 6 full papers and 2 posters in international academic conferences. This work resulted in the discovery of 18 vulnerabilities in RPKI code, and the issuance of 5 Common Vulnerabilities and Exposures (CVEs).
Thesis Note
Darmstadt, TU, Diss., 2025
Author(s)
Mirdita, Donika
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Advisor(s)
Waidner, Michael  
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Schulmann, Haya  
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Schinzel, Sebastian
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
DOI
10.26083/tuprints-00029399
Language
English