news aktuell GmbH

Severe Vulnerabilities Discovered in Software to Protect Internet Routing

A research team from the National Research Center for Applied Cybersecurity ATHENE led by Prof. Dr. Haya Schulmann has uncovered 18 vulnerabilities in crucial software components of Resource Public Key Infrastructure (RPKI). RPKI is an Internet standard meant to protect Internet traffic from being hijacked by hackers. By now, all affected vendors have provided patches for their products. The vulnerabilities could have had devastating consequences: Internet hijacks have already been exploited, e.g., for phishing passwords and other sensitive information, tricking certificate authorities into issuing fraudulent Web certificates, stealing cryptocurrency, distributing malware, and poisoning caches of DNS servers.

The ATHENE team, consisting of Prof. Dr. Haya Schulmann and Niklas Vogel, both from Goethe University of Frankfurt, Donika Mirdita from TU Darmstadt, and Prof. Dr. Michael Waidner from TU Darmstadt and Fraunhofer SIT, uncovered and disclosed 18 vulnerabilities. The National Vulnerability Database (NVD), operated by the US National Institute of Standards and Technology (NIST), assigned five Common Vulnerabilities and Exposures (CVE) entries to these vulnerabilities, some critical with a score of 9.3 out of 10. The team used a testing tool, CURE, which they developed specifically for this project and which ATHENE makes available free of charge to all developers of RPKI software. The researchers found vulnerabilities in all popular implementations of the validator component of RPKI. They range from crashes and violations of standard behavior to severe bugs that allow a network adversary to completely take over an RPKI certificate hierarchy in order to inject its own trust anchor, effectively being able to forge authentic and valid yet bogus routing information (i.e., BGP announcements). It is unknown whether any of the vulnerabilities were already exploited by hackers in the wild.

RPKI is a relatively new standard. Today, about 50% of the Internet’s network prefixes are covered by RPKI certificates, and 37.8% of all Internet domains validate RPKI certificates. In particular, many large providers and operators support RPKI, e.g., Amazon Web Services, Cogent, Deutsche Telekom, Level 3, and Zayo.

The research work was carried out in the ATHENE research area Analytic Based Cybersecurity (ABC) (more information at https://abc.athene-center.de/en/) and appeared at the 2024 Network and Distributed System Security (NDSS) Symposium in San Diego, California, USA. The research paper can be downloaded from https://www.ndss-symposium.org/ndss-paper/the-cure-to-vulnerabilities-in-rpki-validation/. The testing tool CURE developed and used by the researchers to uncover the vulnerabilities can be downloaded from https://github.com/rp-cure/rp-cure.

About us

The National Research Center for Applied Cybersecurity ATHENE is a research center of the Fraunhofer Society that brings together the Fraunhofer Institutes for Secure Information Technology (SIT) and for Computer Graphics Research (IGD), Technische Universität Darmstadt, Goethe-Universität Frankfurt am Main, and Darmstadt University of Applied Sciences. With more than 600 scientists, ATHENE is Europe's most prominent cybersecurity research center and Germany’s leading scientific research institution in this domain. ATHENE is supported by the German Federal Ministry of Education and Research (BMBF) and the Hessian Ministry for Higher Education, Research, Science and the Arts (HMWK). Further information about ATHENE can be found at https://www.athene-center.de/en/.
