The ByzRP Solution: A Global Operational Shield for RPKI Validators
This talk introduces ByzRP, a Byzantine fault-tolerant architecture designed to secure Resource Public Key Infrastructure (RPKI) validators against malicious publication point attacks. The researchers demonstrate how attackers can exploit RPKI validator vulnerabilities through stalling and crashing attacks to cause routing instability. By implementing a watchdog mechanism and a distributed consensus protocol, the solution ensures that validators remain resilient and consistent even when individual nodes are compromised or unavailable. The presentation highlights how this approach reduces network traffic and improves the robustness of RPKI validation.
How Malicious Publication Points Can Cripple RPKI Validation
TLDR: Resource Public Key Infrastructure (RPKI) is meant to secure BGP, but its reliance on distributed publication points creates a massive, overlooked attack surface. Researchers have demonstrated that attackers can trigger validator crashes or stalling attacks by injecting malicious objects, effectively downgrading RPKI security to zero. The new ByzRP tool offers a Byzantine fault-tolerant solution to maintain routing integrity even when individual nodes are compromised.
BGP remains the internet’s most fragile protocol, and RPKI is the industry’s primary attempt to fix it. By cryptographically signing route origin authorizations, network operators hope to prevent the prefix hijacking that has plagued the internet for decades. However, the security of this entire system hinges on the integrity of the RPKI validator. If the validator fails, the security guarantees vanish. Recent research presented at Black Hat 2025 exposes a critical flaw in how these validators handle data from distributed publication points.
The Vulnerability: Stalling and Crashing the Validator
RPKI validators function by periodically fetching cryptographically signed objects from various publication points across the internet. These objects are essentially tuples of prefixes and autonomous system numbers. The validator processes these, performs cryptographic verification, and then pushes the resulting Validated ROA Payloads (VRPs) to BGP routers.
The research highlights that validators are inherently vulnerable to two types of attacks: stalling and crashing. A stalling attack involves a malicious publication point that intentionally slows down the data delivery process. Because validators often have strict timeout mechanisms or resource constraints, a slow, deliberate stream of data can force the validator to hang for hours. During this time, the validator’s cache expires, and it stops providing valid routing information to the routers.
Crashing attacks are even more direct. By serving malformed or specifically crafted cryptographic objects, an attacker can trigger unhandled exceptions in the validator’s processing engine. If the validator crashes, it stops updating the VRP list. Since routers rely on this list to make forwarding decisions, the network effectively reverts to an unvalidated state. In many cases, this results in a complete RPKI downgrade, where the router has no ground truth to verify BGP announcements.
Technical Mechanics of the Attack
The attack flow is straightforward for anyone with access to a publication point or the ability to perform a man-in-the-middle attack on the synchronization process. The validator expects a specific structure for the repository tree. By injecting a "bad" object, an attacker can force the validator to enter an infinite loop or consume excessive memory.
Consider a simplified scenario where a validator processes objects from multiple sources. If one source is malicious, it can serve a file that causes the parser to fail. If the validator lacks robust error handling, the entire process terminates.
# Example of a malicious object injection attempt
# An attacker might serve a file with an invalid signature or
# an excessively deep directory structure to trigger a crash.
curl -O http://malicious-pub-point.example/repo/bad_object.roa
The researchers found that at least 50% of the RPKI validators currently in use are susceptible to these types of denial-of-service conditions. This is not a theoretical bug; it is a fundamental design limitation in how validators trust the data they pull from the network.
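A defender-side sketch of containing both failure modes described above, added here as an example and not taken from the talk or from any validator's code: each publication point gets one overall transfer deadline and a size cap, and a parse failure costs only that source's update. The toy `prefix,asn` line format, the function names and the sample sources are assumptions constructed for illustration.

```python
import time

class BudgetExceeded(Exception):
    """A publication point exceeded its time or size budget."""

def read_with_budget(chunks, max_seconds, max_bytes, clock=time.monotonic):
    # One deadline for the whole transfer: a per-read timeout alone never
    # fires against a slow drip, because every small chunk arrives "in time".
    # (A real fetcher also needs a socket read timeout for total silence.)
    start, buf = clock(), bytearray()
    for chunk in chunks:
        buf += chunk
        if clock() - start > max_seconds:
            raise BudgetExceeded("overall deadline exceeded")
        if len(buf) > max_bytes:
            raise BudgetExceeded("size cap exceeded")
    return bytes(buf)

def parse_toy(raw):
    # Constructed stand-in for ROA parsing: one "prefix,asn" pair per line.
    vrps = set()
    for line in raw.decode("ascii").splitlines():
        prefix, asn = line.split(",")
        vrps.add((prefix, int(asn)))
    return vrps

def sync_all(sources, cache, parse=parse_toy, max_seconds=30.0,
             max_bytes=1 << 20, clock=time.monotonic):
    """Refresh each source in isolation; keep the last good set on failure.

    sources: {name: callable returning an iterable of byte chunks}
    Returns {name: error} for the sources that failed this run.
    """
    failures = {}
    for name, open_stream in sorted(sources.items()):
        try:
            raw = read_with_budget(open_stream(), max_seconds, max_bytes, clock)
            cache[name] = parse(raw)
        except Exception as exc:  # contain the failure to this one source
            failures[name] = f"{type(exc).__name__}: {exc}"
    return failures

def demo():
    ticks = iter(range(10_000))          # fake clock: +1 s per call
    sources = {                          # constructed sample sources
        "good": lambda: [b"192.0.2.0/24,64500\n"],
        "slow": lambda: (b"x" for _ in range(100)),   # slow drip
        "bad": lambda: [b"\xff\xfe not a ROA"],       # malformed object
    }
    cache = {"slow": {("198.51.100.0/24", 64501)}, "bad": set()}
    return cache, sync_all(sources, cache, clock=lambda: next(ticks))
```

In-process containment does not cover a crash in native parsing code; running the parser for each source in a separate worker process extends the same isolation to that case.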
Real-World Impact for Pentesters
For those performing red team engagements or infrastructure audits, RPKI validation is a high-value target. If you can compromise the validator, you can effectively blind the network to BGP hijacking attempts. During a penetration test, you should identify which RPKI validator software is in use and check if it is running the latest version.
If you are hunting for bugs in this space, focus on the parsing logic of the validator. Look for how it handles large files, deeply nested structures, or invalid cryptographic signatures. The goal is to see if you can force the validator to stop updating its VRP cache. If you can achieve this, you have successfully bypassed the organization’s RPKI-based route filtering.
The ByzRP Solution: Distributing Trust
To address these issues, the researchers developed ByzRP. Instead of relying on a single, vulnerable validator, ByzRP uses a Byzantine fault-tolerant consensus mechanism. By deploying multiple validator nodes across different entities and using a majority-voting system, the architecture ensures that a single malicious publication point cannot compromise the entire network.
The system works by having each node independently poll its peers for the current object set. They then intersect these sets to produce a deterministic output. If one node is compromised or crashes, the remaining nodes continue to function, and the consensus output remains valid. This approach not only provides resilience against malicious actors but also significantly reduces the network traffic required for synchronization, as nodes can share validated results rather than raw data.
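The voting step described above, reduced to a minimal added example (not ByzRP's own code or protocol): each configured node reports its VRP set, and a VRP is kept only if a strict majority of all configured nodes reported it. Node names, the `quorum_vrps` function and the sample data are assumptions; peer authentication and the message exchange between nodes are left out.

```python
from collections import Counter

def quorum_vrps(reports, last_good):
    """Merge per-node VRP sets by strict majority of all configured nodes.

    reports:   {node_id: set of (prefix, asn)}, or None for a node that
               crashed, stalled or did not answer this round
    last_good: output of the previous successful round
    Returns (vrps, status) where status is "ok" or "held".
    """
    total = len(reports)
    quorum = total // 2 + 1
    live = {n: s for n, s in reports.items() if s is not None}
    if len(live) < quorum:
        # Too few answers to outvote a faulty node: keep serving the
        # previous output instead of publishing an unvetted set.
        return last_good, "held"
    # Sets guarantee one vote per node per VRP.
    votes = Counter(v for s in live.values() for v in s)
    # Sorting makes the output identical on every node that saw the
    # same reports, regardless of arrival order.
    agreed = sorted(v for v, c in votes.items() if c >= quorum)
    return agreed, "ok"

def demo():
    honest = {("192.0.2.0/24", 64500), ("198.51.100.0/24", 64501)}
    reports = {                           # constructed sample round
        "node-a": set(honest),
        "node-b": set(honest),
        "node-c": set(honest),
        "node-d": None,                   # crashed or stalled validator
        # Node that processed a bad publication point: one VRP missing,
        # one VRP that no other node produced.
        "node-e": {("192.0.2.0/24", 64500), ("203.0.113.0/24", 64502)},
    }
    return quorum_vrps(reports, last_good=[])
```

With five nodes the quorum is three, so the crashed node and the divergent node together cannot remove an honest VRP or add an unseen one.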
Moving Toward a More Resilient Internet
Defenders should prioritize moving away from single-validator deployments. If your organization relies on RPKI, consider implementing a multi-node validation architecture that incorporates fault tolerance. The days of trusting a single, monolithic validator to secure your BGP routing are numbered.
The research presented at Black Hat 2025 serves as a wake-up call for the networking community. We have built a security layer on top of BGP, but we have failed to secure the security layer itself. By adopting Byzantine fault-tolerant designs, we can finally start to build an RPKI infrastructure that is as resilient as the internet it is meant to protect. If you are working on network security, start by auditing your current validator setup and testing its response to malformed data. The path to a secure BGP is not just about signing routes; it is about ensuring the validators themselves cannot be turned against us.