| Abstract | The democratization of access has transformed the Internet into the primary platform for social interaction and economic activity. The COVID-19 pandemic significantly accelerated the digitalization of services, finance and communication. As critical infrastructure increasingly moves online, routing security is becoming a national security concern. U.S. regulatory bodies were the first to sound the alarm by formally recognizing the urgency of Internet routing security and calling for nationwide adoption of security protocols. The Resource Public Key Infrastructure (RPKI) protocol is already the leading standard for protecting Internet routing from hijacking attacks and route leaks. However, RPKI is not secure by design. Research on its security guarantees has shown that despite the minimal public facing interfaces, the software implementations are not only rife with issues, but the nature of these issues is such that they can be easily triggered and disconnect the RPKI security framework from Internet routing, thus severely downgrading RPKI protection benefits. In this work, we evaluate the security properties of RPKI, analyze its attack surface, the required attacker capabilities to launch them, and their consequences on global routing security. We propose that RPKI requires fundamental changes and improvements to mitigate its vulnerabilities, and become robust enough to withstand the eye of the storm. |
|---|
