English
Related papers

Related papers: Stalloris: RPKI Downgrade Attack

200 papers

The Resource Public Key Infrastructure (RPKI) is the main mechanism to protect inter-domain routing with BGP from prefix hijacks. It has already been widely deployed by large providers and the adoption rate is getting to a critical point.…

Cryptography and Security · Computer Science 2024-08-23 Donika Mirdita , Haya Schulmann , Michael Waidner

Resource Public Key Infrastructure (RPKI) is vital to the security of inter-domain routing. However, RPKI enables Regional Internet Registries (RIRs) to unilaterally takedown IP prefixes - indeed, such attacks have been launched by…

Cryptography and Security · Computer Science 2021-02-05 Kris Shrishak , Haya Shulman

The Resource Public Key Infrastructure (RPKI) aims to secure internet routing by creating an infrastructure where resource holders can make attestations about their resources. RPKI Certificate Authorities issue these attestations and…

Cryptography and Security · Computer Science 2022-03-03 Koen van Hove , Jeroen van der Ham , Roland van Rijswijk-Deij

IP prefix hijacks allow adversaries to redirect and intercept traffic, posing a threat to the stability and security of the Internet. To prevent prefix hijacks, networks should deploy RPKI and filter bogus BGP announcements with invalid…

Networking and Internet Architecture · Computer Science 2023-03-22 Tomas Hlavacek , Haya Shulman , Niklas Vogel , Michael Waidner

The RPKI is crucial for securing the routing system of the Internet. With the RPKI, owners of Internet resources can make cryptographically backed claims, for example about the legitimate origin of their IP space. Thousands of networks use…

Cryptography and Security · Computer Science 2025-12-19 Moritz Müller-Brus , Lisa Bruder , Caspar Schutijser , Ralph Koning

The Resource Public Key Infrastructure (RPKI) secures the Internet's routing system by defining a complex trust and validation framework for certificates, Route Origin Authorizations (ROAs), manifests, and Certificate Revocation Lists…

Cryptography and Security · Computer Science 2026-05-27 Oliver Jacobsen , Tobias Kirsch , Haya Schulmann , Niklas Vogel , Michael Waidner

Over recent years, the Resource Public Key Infrastructure (RPKI) has seen increasing adoption, with now 37.8% of the major networks filtering bogus BGP routes. Systems interact with the RPKI over Relying Party (RP) implementations that…

Cryptography and Security · Computer Science 2023-12-05 Donika Mirdita , Haya Schulmann , Niklas Vogel , Michael Waidner

Resource Public Key Infrastructure (RPKI) is a critical security mechanism for BGP, but the complexity of its architecture is a growing concern as its adoption scales. Current RPKI design heavily reuses legacy PKI components, such as X.509…

Cryptography and Security · Computer Science 2025-07-15 Haya Schulmann , Niklas Vogel

Web content delivery is one of the most important services on the Internet. Access to websites is typically secured via TLS. However, this security model does not account for prefix hijacking on the network layer, which may lead to traffic…

Networking and Internet Architecture · Computer Science 2015-11-03 Matthias Wählisch , Robert Schmidt , Thomas C. Schmidt , Olaf Maennel , Steve Uhlig , Gareth Tyson

The Resource Public Key Infrastructure (RPKI) protocol was standardized to add cryptographic security to Internet routing. With over 50% of Internet resources protected with RPKI today, the protocol already impacts significant parts of…

Cryptography and Security · Computer Science 2024-09-24 Haya Schulmann , Niklas Vogel , Michael Waidner

Tor is a well-known anonymous communication tool, used by people with various privacy and security needs. Prior works have exploited routing attacks to observe Tor traffic and deanonymize Tor users. Subsequently, location-aware relay…

Cryptography and Security · Computer Science 2025-01-13 Zhifan Lu , Siyang Sun , Yixin Sun

To protect against prefix hijacks, Resource Public Key Infrastructure (RPKI) has been standardized. To enjoy the security guarantees of RPKI validation, networks need to install a new component, the relying party validator, which fetches…

Cryptography and Security · Computer Science 2024-05-02 Jens Friess , Donika Mirdita , Haya Schulmann , Michael Waidner

In this work, we present a novel severe buffer-overflow vulnerability in the RPKI validator Fort, that allows an attacker to achieve Remote Code Execution (RCE) on the machine running the software. We discuss the unique impact of this RCE…

Cryptography and Security · Computer Science 2024-11-26 Oliver Jacobsen , Haya Schulmann , Niklas Vogel , Michael Waidner

The Resource Public Key Infrastructure (RPKI) secures Internet routing by binding IP prefixes to authorized Autonomous Systems, yet its RSA foundations are vulnerable to quantum adversaries. A naive swap to post-quantum (PQ) signatures (eg…

Networking and Internet Architecture · Computer Science 2026-03-10 Weitong Li , Yuze Li , Taejoong Chung

The adoption of security protocols such as Transport Layer Security (TLS) has significantly improved the state of traffic encryption and integrity protection on the Internet. Despite rigorous analysis, vulnerabilities continue to emerge,…

Cryptography and Security · Computer Science 2025-01-30 Mariam Moustafa , Mohit Sethi , Tuomas Aura

Multiple-vantage-point domain control validation (multiVA) is an emerging defense for mitigating BGP hijacking attacks against certificate authorities. While the adoption of multiVA is on the rise, little work has quantified its…

Cryptography and Security · Computer Science 2023-02-21 Grace Cimaszewski , Henry Birge-Lee , Liang Wang , Jennifer Rexford , Prateek Mittal

Removing personally identifiable information (PII) from texts is necessary to comply with various data protection regulations and to enable data sharing without compromising privacy. However, recent works show that documents sanitized by…

Computation and Language · Computer Science 2026-03-16 Sebastian Ochs , Ivan Habernal

We perform the first analysis of methodologies for launching DNS cache poisoning: manipulation at the IP layer, hijack of the inter-domain routing and probing open ports via side channels. We evaluate these methodologies against DNS…

Cryptography and Security · Computer Science 2022-05-13 Tianxiang Dai , Philipp Jeitner , Haya Shulman , Michael Waidner

Relative Path Overwrite (RPO) is a recent technique to inject style directives into sites even when no style sink or markup injection vulnerability is present. It exploits differences in how browsers and web servers interpret relative paths…

Cryptography and Security · Computer Science 2020-02-17 Sajjad Arshad , Seyed Ali Mirheidari , Tobias Lauinger , Bruno Crispo , Engin Kirda , William Robertson

Public wireless access points are commonly provided by governments, businesses, schools and other organizations and provide access to the Internet for numerous use cases and can present varying degrees of risk to users. While there are…

Cryptography and Security · Computer Science 2019-10-11 Jonathan K Adams
‹ Prev 1 2 3 10 Next ›