Fix for BGP routing insecurity 'plagued by software vulnerabilities' of its own, researchers find

Under BGP, there is no way to authenticate routing changes. The arrival of RPIK just over a decade ago was intended to fix that, using a digital record called a Route Origin Authorization (ROA) that identifies an ISP as having authority over specific IP infrastructure.

Route origin validation (ROV) is the process a router undergoes to check that an advertised route is authorized by the correct ROA certificate. In principle, this makes it impossible for a rogue router to maliciously claim a route it does not have any right to. RPKI is the public key infrastructure that glues this all together, security-wise.

The catch is that, for this system to work, RPIK needs a lot more ISPs to adopt it, something which until recently has happened only very slowly.

Nevertheless, while the researchers note progress, they argue there are even deeper problems. Many of the problems are the same as with any software.

“We find that current RPKI implementations still lack production-grade resilience and are plagued by software vulnerabilities, inconsistent specifications, and operational challenges, raising significant security concerns,” wrote the authors in their introduction.

So RPKI needs a process for dealing with vulnerabilities. It needs tools to fix those vulnerabilities, and it needs a way of ensuring no malicious code ends up finding its way into the development supply chain.