The recent hijack of a Twitter prefix by RTCOMM demonstrated the central role of RPKI in Internet routing security. RPKI filtering (ROV) by major networks limited the propagation of the hijacked prefix.
We demonstrate the first downgrade attacks against RPKI, which allow remote adversaries to disable RPKI validation and thereby expose networks to prefix hijacks. In our attacks, a malicious RPKI publication point stalls relying party implementations, disabling RPKI validation on the networks that rely on them.
Presented by Philipp Jeitner, Haya Shulman, Michael Waidner, Donika Mirdita & Tomas Hlavecek
Full Abstract and Presentation Materials: #stalloris-rpki-downgrade-attack-27348