Re: [Sidrops] Stalloris: RPKI Downgrade Attack

Christopher Morrow <christopher.morrow@gmail.com> Wed, 04 May 2022 14:47 UTC

References: <AS4P195MB142948CC066435891815A8C88CC09@AS4P195MB1429.EURP195.PROD.OUTLOOK.COM>
In-Reply-To: <AS4P195MB142948CC066435891815A8C88CC09@AS4P195MB1429.EURP195.PROD.OUTLOOK.COM>
From: Christopher Morrow <christopher.morrow@gmail.com>
Date: Wed, 04 May 2022 10:47:11 -0400
Message-ID: <CAL9jLaaZm=QsjZGARu8DLajWj6_Q+sH1rh7UTOrEUjOMeODo8Q@mail.gmail.com>
To: "Hove, K.W. van (Koen, Student M-CS)" <k.w.vanhove@student.utwente.nl>
Cc: "sidrops@ietf.org" <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ea72b405de30b37b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/gpwfvOf5MtmnTGK1BypWZWUlihA>
Subject: Re: [Sidrops] Stalloris: RPKI Downgrade Attack

sure.. this seems pretty obvious from the system design.
I think you COULD say: "well, then unknowns also die in a fire with
invalids!"
but.. that's going to leave you with a very small internet :(

Ideally publication point operators are building robust and distributed
deployments that can be resilient in the face of both network problems and
bad actors.
Ideally publication retrievers are operating systems which are both nice to
the overall system and resilient in the case of network problems or remote
system problems.

I imagine we are a ways off from the perfect operations though.

On Tue, May 3, 2022 at 9:23 AM Hove, K.W. van (Koen, Student M-CS) <
k.w.vanhove@student.utwente.nl> wrote:

> Dear all,
>
> I recently became aware of this new pre-publication [1] from the
> Fraunhofer Institute for Secure Information Technology SIT and National
> Research Center for Applied Cybersecurity ATHENE titled "Stalloris: RPKI
> Downgrade Attack", that I believe might be of interest to you as well.
>
> The abstract reads:
>
> > We demonstrate the first downgrade attacks against RPKI. The key design
> property in RPKI that allows our attacks is the tradeoff between
> connectivity and security: when networks cannot retrieve RPKI information
> from publication points, they make routing decisions in BGP without
> validating RPKI. We exploit this tradeoff to develop attacks that prevent
> the retrieval of the RPKI objects from the public repositories, thereby
> disabling RPKI validation and exposing the RPKI-protected networks to
> prefix hijack attacks.
> > We demonstrate experimentally that at least 47% of the public
> repositories are vulnerable against a specific version of our attacks, a
> rate-limiting off-path downgrade attack. We also show that all the current
> RPKI relying party implementations are vulnerable to attacks by a malicious
> publication point. This translates to 20.4% of the IPv4 address space.
> > We provide recommendations for preventing our downgrade attacks.
> However, resolving the fundamental problem is not straightforward: if the
> relying parties prefer security over connectivity and insist on RPKI
> validation when ROAs cannot be retrieved, the victim AS may become
> disconnected from many more networks than just the one that the adversary
> wishes to hijack. Our work shows that the publication points are a critical
> infrastructure for Internet connectivity and security. Our main
> recommendation is therefore that the publication points should be hosted on
> robust platforms guaranteeing a high degree of connectivity.
>
> Personally, I do wonder how feasible this is in practice. I am in the
> process of trying to reproduce the experiment using the methods they
> describe, but so far to no avail. Should anyone else have any success (or
> lack thereof), please let me know.
>
> Cordially,
> Koen van Hove
>
> [1]
> https://www.usenix.org/conference/usenixsecurity22/presentation/hlavacek
>
>
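The connectivity-versus-security tradeoff the abstract and Chris's reply describe can be made concrete with a small route origin validation model. The example below is added here and is not code from the thread, the paper, or any relying-party software. It implements RFC 6811 origin validation over a set of VRPs, drops the VRPs whose publication point is unreachable (the downgrade: a route that would have been "invalid" becomes "not-found"), and compares two policies: the common "reject invalid only" and the stricter "reject invalid and not-found" that Chris says would leave a very small internet. It also shows one mitigation, keeping the last successfully fetched copy of a publication point's objects until they expire; the publication point names, ASNs, prefixes and routes are constructed sample data, and the cache behaviour is an assumption about how a relying party might act, not a description of any particular implementation.

```python
"""Toy RFC 6811 route origin validation with unreachable publication points.
All ROAs, routes, ASNs and publication point names are constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

VALID, INVALID, NOT_FOUND = "valid", "invalid", "not-found"


@dataclass(frozen=True)
class VRP:
    """Validated ROA payload plus the (constructed) publication point it came from."""
    prefix: str
    max_len: int
    asn: int
    pub_point: str


# Constructed ROAs spread over two hypothetical publication points.
ROAS = [
    VRP("192.0.2.0/24", 24, 64500, "pp-a.example"),
    VRP("198.51.100.0/24", 25, 64501, "pp-b.example"),
    VRP("203.0.113.0/24", 24, 64502, "pp-b.example"),
]

# Constructed BGP announcements as (prefix, origin AS). AS64666 is a wrong origin
# for a prefix that is covered by a ROA; 10.10.0.0/16 has no ROA at all.
ROUTES = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/25", 64501),
    ("198.51.100.0/24", 64666),
    ("203.0.113.0/24", 64502),
    ("10.10.0.0/16", 64777),
]


def validate(prefix: str, origin: int, vrps: Iterable[VRP]) -> str:
    """RFC 6811: no covering VRP -> not-found; a covering VRP with matching AS and
    prefix length within max_len -> valid; covering VRPs but none match -> invalid."""
    net = ipaddress.ip_network(prefix)
    covering = []
    for v in vrps:
        roa_net = ipaddress.ip_network(v.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(v)
    if not covering:
        return NOT_FOUND
    for v in covering:
        if v.asn == origin and net.prefixlen <= v.max_len:
            return VALID
    return INVALID


def available_vrps(roas: Iterable[VRP], reachable: Set[str],
                   cache: Optional[Set[VRP]] = None) -> list:
    """VRPs the relying party can use right now. ROAs from an unreachable
    publication point disappear unless the RP still holds a last-known-good copy
    (assumed cache of a previous successful fetch that has not yet expired)."""
    return [v for v in roas if v.pub_point in reachable or (cache and v in cache)]


def apply_policy(routes, vrps, reject_unknown: bool = False) -> Dict[Tuple[str, int], Tuple[str, bool]]:
    """Map each route to (validation state, accepted?) under the chosen policy.
    reject_unknown=False is the usual deployment: only 'invalid' is dropped."""
    result = {}
    for prefix, origin in routes:
        state = validate(prefix, origin, vrps)
        accepted = state == VALID or (state == NOT_FOUND and not reject_unknown)
        result[(prefix, origin)] = (state, accepted)
    return result


def run_scenario(reachable: Set[str], reject_unknown: bool = False,
                 cache: Optional[Set[VRP]] = None):
    return apply_policy(ROUTES, available_vrps(ROAS, reachable, cache), reject_unknown)


def accepted_count(result) -> int:
    return sum(1 for _, ok in result.values() if ok)


if __name__ == "__main__":
    both = {"pp-a.example", "pp-b.example"}
    for label, res in [
        ("all publication points reachable", run_scenario(both)),
        ("pp-b unreachable, reject invalid only", run_scenario({"pp-a.example"})),
        ("pp-b unreachable, reject invalid and not-found",
         run_scenario({"pp-a.example"}, reject_unknown=True)),
        ("pp-b unreachable, last-known-good cache", run_scenario({"pp-a.example"}, cache=set(ROAS))),
    ]:
        print(f"== {label}: {accepted_count(res)}/{len(res)} routes accepted")
        for (prefix, origin), (state, ok) in res.items():
            print(f"  {prefix:18} AS{origin}  {state:9}  {'accept' if ok else 'reject'}")
```

The second scenario is the downgrade: once pp-b cannot be fetched, the wrong-origin announcement of 198.51.100.0/24 moves from "invalid" to "not-found" and is accepted. The third scenario shows the cost of closing that gap by policy alone: the legitimate routes that depended on pp-b are rejected along with the bad one. The fourth shows why relying parties that keep serving last-known-good data while it is still within its validity window blunt a short outage, which is the operational robustness Chris asks of both publication point operators and retrievers.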