University of Twente Student Theses
Threat analysis of RPKI relying party software
Hove, K.W. van (2022) Threat analysis of RPKI relying party software.
|
PDF
1MB |
| Abstract: | We have looked into the unique characteristics of the RPKI, where unlike other common protocols all information must be retrieved first, and used that to create a threat model where an attacker that wanted to disrupt RPKI operations had full control over a certificate authority and its RRDP publication point. We have developed an exploit framework based on that threat model, and tested how current RPKI relying party software deals with these threats. We showed that in many cases the case where the certificate authority or publication point was malicious was inadequately considered by relying party software, allowing a publication point to disrupt the entirety of RPKI. Additionally, we showed that the protocol design 12 18 seems in its current state incapable of technically ensuring all the necessary assumptions about the protocol to function properly and securely to hold, making it impossible for relying party software developers to adequately prevent disruption by a malicious certificate authority without collateral damage. Lastly, we have described the steps and considerations for reporting these issues to all parties involved. |
| Item Type: | Essay (Master) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science MSc (60300) |
| Link to this item: | https://purl.utwente.nl/essays/89590 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page