Niklas Vogel & Donika Mirdita & Haya Schulmann & Michael Waidner - Crashing The Party Vulnerabilities in RPKI Validation

The document discusses vulnerabilities in the Resource Public Key Infrastructure (RPKI) protocol, highlighting the importance of RPKI for BGP security. It presents a systematic analysis using a custom fuzzing mechanism that identified 18 vulnerabilities across various RPKI implementations, including critical issues in Routinator. The authors emphasize the need for improved software maturity and proactive measures from operators to address these vulnerabilities.

Crashing the Party: Vulnerabilities in RPKI Validation

Donika Mirdita, Niklas Vogel, Haya Schulmann, Michael Waidner

#BHUSA @BlackHatEvents
Outline
❖ Resource Public Key Infrastructure (RPKI)
  ✓ A niche new protocol
  ✓ & why it matters
❖ Systemic Analysis of RPKI Software
  ✓ Introducing a bespoke fuzzing mechanism
  ✓ & how it works
❖ Analysis Results
  ✓ What they mean
  ✓ & consequences
❖ Disclosure Process

BGP as Achilles' Heel

Notes from the IETF Cafeteria, 1989

The RPKI Protocol

BGP Security with RPKI

[Figure: ROA (Prefix - ASN); RPKI Repositories; Relying Party; RPKI-to-Router; AS212795; AS666]


Why is DoS-ing RPs a big deal?

RPKI-to-Router

#BHUSA @BlackHatEvents
Why is DoS-ing RPs a big deal?

RPKI-to-Router

#BHUSA @BlackHatEvents
Why is DoS-ing RPs a big deal?

AS666

#BHUSA @BlackHatEvents
So we decided to tinker with the protocol...

➢ Relying Party Impl. 1: crash when objects malformed
➢ Relying Party Impl. 2: crash when index out-of-bounds

=> 84.9% of global Relying Party deployments affected by low-cost, low-burden RPKI Downgrade Attacks

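The origin-validation decision the RPKI figures sketch (a ROA binds a Prefix to an ASN, the Relying Party validates it and feeds the router over RPKI-to-Router) and the downgrade effect of a crashed RP, as an added example that is not part of the slides or of any RP implementation: it implements the RFC 6811 Valid / Invalid / NotFound states in Python over a constructed VRP set (documentation prefixes, the ASNs from the slides) and then re-runs the same announcements against an empty VRP set, which is what a router is left with once its RP has died and the cached data has expired. Function names, prefixes and announcements are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed sample VRPs (Validated ROA Payloads) as a Relying Party would push
# them to a router over RPKI-to-Router: (prefix, maxLength, origin ASN).
# Prefixes are documentation ranges; the ASNs are the ones shown on the slides.
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 212795),
    ("198.51.100.0/22", 24, 212795),
]

@dataclass(frozen=True)
class VRP:
    prefix: object   # ipaddress network object
    max_length: int
    asn: int

def load_vrps(rows):
    return [VRP(ip_network(p), ml, asn) for p, ml, asn in rows]

def covers(vrp, route):
    # A VRP covers a route when the announced prefix equals or is more specific
    # than the VRP prefix (same address family).
    return route.version == vrp.prefix.version and route.subnet_of(vrp.prefix)

def validate_route(vrps, prefix, origin_asn):
    """RFC 6811 origin validation of one announcement: Valid / Invalid / NotFound."""
    route = ip_network(prefix)
    covering = [v for v in vrps if covers(v, route)]
    if not covering:
        return "NotFound"
    if any(v.asn == origin_asn and route.prefixlen <= v.max_length for v in covering):
        return "Valid"
    return "Invalid"

def classify(vrps, announcements):
    """Validation state of every (prefix, origin ASN) pair for a given VRP set."""
    return {(p, asn): validate_route(vrps, p, asn) for p, asn in announcements}

# Constructed announcements as seen by the router: the legitimate origin, a hijack
# from AS666, an over-specific prefix beyond maxLength, and a prefix with no ROA.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 212795),
    ("192.0.2.0/24", 666),
    ("198.51.100.0/25", 212795),
    ("203.0.113.0/24", 666),
]

def downgrade_effect(vrps, announcements):
    """Compare outcomes with a healthy RP feed and with an empty feed (RP crashed,
    router fell back to no VRPs). Returns the announcements whose state changed."""
    healthy = classify(vrps, announcements)
    rp_down = classify([], announcements)
    return {k: (healthy[k], rp_down[k]) for k in healthy if healthy[k] != rp_down[k]}

if __name__ == "__main__":
    vrps = load_vrps(SAMPLE_VRPS)
    for key, state in classify(vrps, SAMPLE_ANNOUNCEMENTS).items():
        print(key, state)
    print("changed once the RP is down:", downgrade_effect(vrps, SAMPLE_ANNOUNCEMENTS))
```

The hijack from AS666 that a healthy feed marks Invalid turns into NotFound once the feed is empty, and routers normally accept NotFound routes. That is the whole mechanism of the downgrade attack, and it is why a crash in RP software is a routing-security problem rather than only an availability bug.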
Towards a systematic approach
➢ RP is an interesting target, but how do we test it?
➢ Fuzzing is a promising solution for systematic testing
➢ Simple idea:
  - Run many random inputs against RP
  - Find vulnerabilities
  - Profit (optional)

If it's so easy, why has nobody done it...?

Our simple Plan
➢ Use existing Fuzzer, generate inputs, find crashes
➢ Keep trying until we find a vulnerability

The complex Reality
➢ RPs require very complex inputs
➢ We still tried to use existing Fuzzers...

Why is this so difficult?
➢ RPKI objects are complex (ASN.1 / X.509 formats)
➢ Fuzzers struggle with complex objects

It gets worse...
➢ RPKI uses cryptography
➢ Fuzzers struggle with cryptography

Only one solution...

Building yet another Fuzzer

Object Generation in CURE

1. Random Byte Mutation (ASN.1)
   i. feed the randomizer a set of valid objects
   ii. splice files & generate random mutations
   iii. targets programming, parsing & schematic errors
   Found Bugs: 7

2. Structure Aware Mutation (ASN.1)
   i. schema-abiding, correctly encoded objects
   ii. manipulate content of fields
   iii. targets processing and validation logic
   Found Bugs: 11

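The two generation strategies listed above, as an added example that is not CURE's code: a byte-level splice-and-flip mutator and a structure-aware mutator over a constructed toy schema (SEQUENCE { INTEGER asID, OCTET STRING prefix, INTEGER maxLength }, deliberately not the RFC 6482 ROA), with a small triage check that shows why structure-aware outputs reach the validation logic while most byte-mutated outputs die in the parser. The DER helpers, the field mutators and the seed values are all assumptions made for the example.

```python
import random

# --- minimal DER encoding helpers (assumed simplification: single-byte tags, non-negative ints) ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(value):
    # one spare bit keeps the top bit clear, as DER requires for positive INTEGERs
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def encode_toy_roa(asn, prefix, max_length):
    # Constructed toy schema for the example (NOT the RFC 6482 ROA structure):
    # SEQUENCE { INTEGER asID, OCTET STRING prefix, INTEGER maxLength }
    return der_tlv(0x30, der_int(asn) + der_tlv(0x04, prefix) + der_int(max_length))

# Strategy 1: random byte mutation. Feed valid objects in, splice two of them at random
# cut points and flip a few bits. Tags and lengths get corrupted as readily as content,
# which is what shakes parsing and programming errors out of an RP.
def random_byte_mutation(corpus, rng, flips=3):
    a, b = rng.sample(corpus, 2)
    data = bytearray(a[:rng.randrange(len(a))] + b[rng.randrange(len(b)):])
    for _ in range(flips):
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    return bytes(data)

# Strategy 2: structure-aware mutation. The output is always re-encoded correctly; only
# the content of one field is replaced by a boundary or random value, so the bytes pass
# the parser and reach the processing and validation logic behind it.
FIELD_MUTATORS = {
    "asn": [lambda v, rng: 0, lambda v, rng: 2**32 - 1, lambda v, rng: 2**32,
            lambda v, rng: rng.randrange(2**64)],
    "max_length": [lambda v, rng: 0, lambda v, rng: 33, lambda v, rng: 255,
                   lambda v, rng: 2**31],
    "prefix": [lambda v, rng: b"", lambda v, rng: v + b"\x00" * 16,
               lambda v, rng: bytes(rng.randrange(256) for _ in range(rng.randrange(1, 40)))],
}

def structure_aware_mutation(fields, rng):
    mutated = dict(fields)
    name = rng.choice(sorted(FIELD_MUTATORS))
    mutated[name] = rng.choice(FIELD_MUTATORS[name])(fields[name], rng)
    return mutated, encode_toy_roa(mutated["asn"], mutated["prefix"], mutated["max_length"])

def well_formed(data):
    """Cheap triage: outer SEQUENCE tag present and its declared length matches the payload."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:
        return 2 + first == len(data)
    n = first & 0x7F
    if n == 0 or len(data) < 2 + n:
        return False
    return 2 + n + int.from_bytes(data[2:2 + n], "big") == len(data)

# Constructed seed corpus: two valid toy objects carrying the ASNs from the slides
SEED_FIELDS = {"asn": 212795, "prefix": b"\xc0\x00\x02", "max_length": 24}
CORPUS = [encode_toy_roa(212795, b"\xc0\x00\x02", 24), encode_toy_roa(666, b"\xcb\x00\x71", 24)]

def campaign(rounds, seed=0):
    """Run both strategies `rounds` times; return how many outputs of each pass the triage check."""
    rng = random.Random(seed)
    byte_ok = sum(well_formed(random_byte_mutation(CORPUS, rng)) for _ in range(rounds))
    struct_ok = sum(well_formed(structure_aware_mutation(SEED_FIELDS, rng)[1]) for _ in range(rounds))
    return byte_ok, struct_ok

if __name__ == "__main__":
    byte_ok, struct_ok = campaign(200)
    print(f"byte mutation: {byte_ok}/200 pass triage; structure-aware: {struct_ok}/200 pass triage")
```

Every structure-aware output passes the triage check by construction, which is the point: the parser is not the component under test, the code that interprets an ASN of 2^32 or a maxLength of 255 is. The byte mutator mostly produces objects the parser rejects at the first length field, which is exactly the input class that found the parsing crashes.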
Repositorify Module
➢ Create valid RPKI repository
➢ Replace fields in objects (e.g. compute signatures)
➢ Insert Test-Objects into repository

Let's find vulnerabilities!!

Relying Party Distributions

Summary of Results
We found issues on 3 out of 4 maintained RPs:
18 total vulnerabilities & 5 CVEs

Vulnerability Type: Path Traversal
➢ Vulnerable Software: Routinator
➢ Critical: 9.3 (CVE-2023-39916)
➢ Exploit:
  1. place malicious file anywhere on disk
  2. poison the RPKI data by adding a malicious root certificate pointer

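One defensive check for the path-traversal class described above, as an added example that is not Routinator's code and does not reproduce its bug: it maps an rsync:// URI taken from RPKI data (a trust anchor locator or a certificate's repository pointer) to a location under the RP's cache directory, rejecting traversal components after percent-decoding so encoded dots cannot hide them, and then independently re-checking containment on the resolved path. The URIs, the host name and the cache directory are constructed for the example.

```python
from pathlib import Path
from urllib.parse import urlparse, unquote

class UnsafeURI(ValueError):
    """Raised for any URI that must not be turned into a local file path."""

def cache_path_for(cache_root, uri):
    """Map an rsync:// URI from RPKI data to a file path strictly below cache_root."""
    parsed = urlparse(uri)
    if parsed.scheme != "rsync" or not parsed.netloc:
        raise UnsafeURI(f"unsupported URI: {uri!r}")
    # Decode percent-escapes BEFORE checking, so '%2e%2e' cannot pass as a literal name;
    # splitting on '/' (rather than PurePosixPath) also flattens '//' oddities.
    components = [c for c in unquote(parsed.path).split("/") if c not in ("", ".")]
    host = unquote(parsed.netloc)
    if not components or ".." in components:
        raise UnsafeURI(f"traversal component in URI: {uri!r}")
    if any("\x00" in c or "\\" in c for c in components + [host]):
        raise UnsafeURI(f"illegal character in URI: {uri!r}")
    root = Path(cache_root).resolve()
    candidate = root.joinpath(host, *components).resolve()
    # Second, independent check on the resolved path: it must lie strictly below the
    # root. This also catches a hostname of '..' and a symlink that points away.
    if root not in candidate.parents:
        raise UnsafeURI(f"URI resolves outside the cache: {uri!r} -> {candidate}")
    return candidate

def is_safe_uri(cache_root, uri):
    try:
        cache_path_for(cache_root, uri)
        return True
    except UnsafeURI:
        return False

CACHE_ROOT = "rpki-cache"   # constructed; relative to the working directory, need not exist

SAMPLE_URIS = [   # constructed; the host is a documentation name, not a real repository
    "rsync://rpki.example.net/repo/ta.cer",
    "rsync://rpki.example.net/repo/../../../etc/passwd",
    "rsync://rpki.example.net/repo/%2e%2e/%2e%2e/etc/passwd",
    "rsync://../repo/ta.cer",
    "https://rpki.example.net/repo/ta.cer",
    "rsync://rpki.example.net//absolute/ta.cer",
]

def audit(uris, cache_root=CACHE_ROOT):
    """Which of the given URIs would be accepted by the cache mapping."""
    return {u: is_safe_uri(cache_root, u) for u in uris}

if __name__ == "__main__":
    for uri, ok in audit(SAMPLE_URIS).items():
        print("accept" if ok else "reject", uri)
```

The two checks are intentionally redundant: the component check gives a clear error before any filesystem work, and the containment check on the resolved path is the one that survives whatever the first check did not anticipate (hostnames used as directory names, symlinks inside the cache).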
Vulnerability Type: DoS
➢ Adversary can create objects of any format
➢ Vulnerable Software:
  o Routinator: Parsing of ASN.1 Data
  o OctoRPKI: Processing of Object Fields
  o Fort: Processing of RTR Requests
➢ Exploit: Adversary forces RPs into perpetual fail-and-restart mode

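The parsing half of this DoS class (Routinator: parsing of ASN.1 data, and the earlier "crash when index out-of-bounds"), from the defender's side, as an added example that is not code from any RP: a bounds-checked DER TLV reader that turns every encoding defect into a single exception type, plus a repository loop that rejects the offending object and keeps validating the rest instead of taking the whole RP into fail-and-restart. The sample objects are constructed, and tag handling is simplified to single-byte tags.

```python
MAX_DEPTH = 32   # assumed nesting limit; real RPKI objects are nowhere near this deep

class MalformedObject(Exception):
    """The only error a hostile object may cause; IndexError/RecursionError never escape."""

def read_tlv(data, offset):
    """Read one DER TLV at `offset`; every index is checked before it is used."""
    if offset + 2 > len(data):
        raise MalformedObject("truncated header")
    tag, first = data[offset], data[offset + 1]
    offset += 2
    if tag & 0x1F == 0x1F:
        raise MalformedObject("multi-byte tags unsupported")   # simplification for the example
    if first == 0x80:
        raise MalformedObject("indefinite length not allowed in DER")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n > 4 or offset + n > len(data):
            raise MalformedObject("bad long-form length")
        length = int.from_bytes(data[offset:offset + n], "big")
        if length < 0x80 or data[offset] == 0:
            raise MalformedObject("non-minimal length encoding")
        offset += n
    if length > len(data) - offset:
        raise MalformedObject(f"declared length {length} exceeds {len(data) - offset} remaining bytes")
    return tag, data[offset:offset + length], offset + length

def parse(data, depth=0):
    """Parse a DER blob into nested (tag, value) lists; constructed tags (bit 0x20) recurse."""
    if depth > MAX_DEPTH:
        raise MalformedObject(f"nesting deeper than {MAX_DEPTH}")
    items, offset = [], 0
    while offset < len(data):
        tag, content, offset = read_tlv(data, offset)
        items.append((tag, parse(content, depth + 1) if tag & 0x20 else content))
    return items

def validate_repository(objects):
    """Process every object; a malformed one is rejected and recorded, the rest continue.
    Returns (accepted, rejected). Letting the exception propagate here is what turns one
    bad object into a crash-and-restart loop for the whole RP."""
    accepted, rejected = [], []
    for name, blob in objects:
        try:
            accepted.append((name, parse(blob)))
        except MalformedObject as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected

def seq(*children):
    """Short-form SEQUENCE encoder, enough to build the constructed samples below."""
    return b"\x30" + bytes([sum(map(len, children))]) + b"".join(children)

def nested(depth):
    obj = seq()
    for _ in range(depth):
        obj = seq(obj)
    return obj

# Constructed sample repository: one valid object and three hostile encodings
SAMPLE_OBJECTS = [
    ("good.roa", bytes.fromhex("300a020203e80404c0000200")),   # SEQUENCE { INTEGER 1000, OCTET STRING }
    ("oversized.roa", bytes.fromhex("3020020203e8")),          # claims 32 bytes, carries 4
    ("indefinite.roa", bytes.fromhex("3080020203e80000")),     # BER indefinite length
    ("nested.roa", nested(40)),                                # 41 nested SEQUENCEs
]

if __name__ == "__main__":
    accepted, rejected = validate_repository(SAMPLE_OBJECTS)
    print("accepted:", [name for name, _ in accepted])
    for name, reason in rejected:
        print("rejected:", name, "->", reason)
```

Two properties matter for the fail-and-restart scenario: the parser has exactly one failure mode (a typed exception raised after a check, never an out-of-bounds access or unbounded recursion), and the caller treats a rejected object as data to report, not as a reason to stop. Rejections should also be counted and alerted on, because a sudden spike in them is the signal that someone is feeding the RP hostile objects.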
Internet Evaluations (Then)

Internet Evaluations (Now)

[Figure: Secure RPs]

Results: Global Inconsistencies

[Figure: how the RFC explained it | how Routinator understood it | how OctoRPKI understood it | how Fort understood it]

➢ Post-processing ROA Payload:
  Routinator: 441,770 | Fort: 435,002
  OctoRPKI: 434,074 | rpki-client: 441,777

➢ Processing inconsistencies in the real world:
  6405 unprotected Amazon prefixes in one implementation due to the presence of OrganisationName header in certificates

Disclosures
➢ Of course, we responsibly disclosed all vulnerabilities
➢ We sent out E-Mails to the vendors and waited for replies

Sent: Jul 19th '23 - 20:25
Sent: Jul 20th '23 - 11:01
Sent: Jul 20th '23 - 11:56

The experience differed significantly between vendors...

Disclosure – Vendor 1

That was nice!

Disclosure – Vendor 2

Learning: Updates might close the vector to a vulnerability w/o fixing the bug

Disclosure – Vendor 3

Learning: If you don't get a reply, keep trying... Deprecation is better than nothing

Lessons Learned
➢ Takeaway 1: RPKI is a core internet security protocol! The software maturity is (partially) not production ready.
➢ Takeaway 2: 41.2% of RPs on the internet are still vulnerable! Operators must be more reactive and patch their software.
➢ Takeaway 3: Fuzzing crypto is hard! We need more tools to efficiently fuzz cryptographic protocols.

Thank you!
[email protected]
[email protected]
