National Research Center for Applied Cybersecurity ATHENE: Severe Vulnerabilities Discovered in Software to Protect Internet Routing


A research team from the National Research Center for Applied Cybersecurity ATHENE led by Prof. Dr. Haya Schulmann has uncovered 18 vulnerabilities in crucial software components of the Resource Public Key Infrastructure (RPKI). RPKI is an Internet standard meant to protect Internet traffic from being hijacked by attackers. All affected vendors have since provided patches for their products. The vulnerabilities could have had devastating consequences: Internet route hijacks have already been exploited, e.g., for phishing passwords and other sensitive information, tricking certificate authorities into issuing fraudulent Web certificates, stealing cryptocurrency, distributing malware, and poisoning the caches of DNS servers.

Frankfurt and Darmstadt, April 2024

The ATHENE team, consisting of Prof. Dr. Haya Schulmann and Niklas Vogel, both from Goethe University of Frankfurt, Donika Mirdita from TU Darmstadt, and Prof. Dr. Michael Waidner from TU Darmstadt and Fraunhofer SIT, uncovered and disclosed 18 vulnerabilities. The National Vulnerability Database (NVD), operated by the US National Institute of Standards and Technology (NIST), assigned five Common Vulnerabilities and Exposures (CVE) entries to these vulnerabilities, some of them rated critical with a score of 9.3 out of 10. The team used a testing tool, CURE, which they developed specifically for this project and which ATHENE makes available free of charge to all developers of RPKI software. The researchers found vulnerabilities in all popular implementations of the validator component of RPKI (the relying party software). They range from crashes and violations of standard behavior to severe bugs that allow a network adversary to completely take over an RPKI certificate hierarchy and inject its own trust anchor, effectively enabling it to forge valid-looking yet bogus routing information (i.e., BGP announcements). It is unknown whether any of the vulnerabilities have already been exploited by attackers in the wild.

RPKI is a relatively new standard. Today, about 50% of the Internet’s network prefixes are covered by RPKI certificates, and 37.8% of all Internet domains validate RPKI certificates. In particular, many large providers and operators support RPKI, e.g., Amazon Web Services, Cogent, Deutsche Telekom, Level 3, and Zayo.

The research work was carried out in the ATHENE research area Analytic Based Cybersecurity (ABC) (more information at https://abc.athene-center.de/en/ ) and appeared at the 2024 Network and Distributed System Security (NDSS) Symposium in San Diego, California, USA. The research paper can be downloaded from https://www.ndss-symposium.org/ndss-paper/the-cure-to-vulnerabilities-in-rpki-validation/. The testing tool CURE developed and used by the researchers to uncover the vulnerabilities can be downloaded from https://github.com/rp-cure/rp-cure.

The National Research Center for Applied Cybersecurity ATHENE is a research center of the Fraunhofer Society that brings together the Fraunhofer Institutes for Secure Information Technology (SIT) and for Computer Graphics Research (IGD), Technische Universität Darmstadt, Goethe-Universität Frankfurt am Main, and Darmstadt University of Applied Sciences. With more than 600 scientists, ATHENE is Europe's most prominent cybersecurity research center and Germany’s leading scientific research institution in this domain. ATHENE is supported by the German Federal Ministry of Education and Research (BMBF) and the Hessian Ministry for Higher Education, Research, Science and the Arts (HMWK). Further information about ATHENE can be found at https://www.athene-center.de/en/.

Press Contact: Mrs. Cornelia Reitz, cornelia.reitz@athene-center.de
