- 구글 클라우드, 구글 워크스페이스용 제미나이 사이드 패널에 한국어 지원 추가
- The best MagSafe accessories of 2024: Expert tested and reviewed
- Threads will show you more from accounts you follow now - like Bluesky already does
- OpenAI updates GPT-4o, reclaiming its crown for best AI model
- Nile unwraps NaaS security features for enterprise customers
Fix for BGP routing insecurity 'plagued by software vulnerabilities' of its own, researchers find
Under BGP, there is no way to authenticate routing changes. The arrival of RPIK just over a decade ago was intended to fix that, using a digital record called a Route Origin Authorization (ROA) that identifies an ISP as having authority over specific IP infrastructure.
Route origin validation (ROV) is the process a router undergoes to check that an advertised route is authorized by the correct ROA certificate. In principle, this makes it impossible for a rogue router to maliciously claim a route it does not have any right to. RPKI is the public key infrastructure that glues this all together, security-wise.
The catch is that, for this system to work, RPIK needs a lot more ISPs to adopt it, something which until recently has happened only very slowly.
Nevertheless, while the researchers note progress, they argue there are even deeper problems. Many of the problems are the same as with any software.
“We find that current RPKI implementations still lack production-grade resilience and are plagued by software vulnerabilities, inconsistent specifications, and operational challenges, raising significant security concerns,” wrote the authors in their introduction.
So RPKI needs a process for dealing with vulnerabilities. It needs tools to fix those vulnerabilities, and it needs a way of ensuring no malicious code ends up finding its way into the development supply chain.