MIRAK: An Artifact for Strengthening the Relying Party RPKI Environment
Abstract
Route validation through Routinator and the RPKI protocol has been discussed in the literature as the main approach to strengthening BGP routing. However, some studies have highlighted potential attack vectors targeting the route validator itself, justifying efforts to enhance the resilience of this solution. This article presents the MIRAK application, developed with proprietary techniques for low resource consumption and high speed, which automatically identifies vulnerabilities in Routinator, contributing to reduced attack risk. Initial results have been promising, encouraging further study to improve its efficiency and scope.References
Fontugne, R., Phokeer, A., Pelsser, C., Vermeulen, K., and Bush, R. (2023). RPKI Time-of-Flight: Tracking Delays in the Management, Control, and Data Planes. In Passive and Active Measurement: 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023, Proceedings, page 429–457, Berlin, Heidelberg. Springer-Verlag.
Hlavacek, T., Jeitner, P., Mirdita, D., Shulman, H., and Waidner, M. (2022a). Behind the Scenes of RPKI. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS ’22, page 1413–1426, New York, NY, USA. Association for Computing Machinery.
Hlavacek, T., Jeitner, P., Mirdita, D., Shulman, H., and Waidner, M. (2022b). Stalloris: RPKI Downgrade Attack. In 31st USENIX Security Symposium (USENIX Security 22), pages 4455–4471, Boston, MA. USENIX Association.
Jacobsen, O., Schulmann, H., Vogel, N., and Waidner, M. (2024). Poster: From Fort to Foe: The Threat of RCE in RPKI. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, CCS ’24, page 5015–5017, New York, NY, USA. Association for Computing Machinery.
Melo, Y., Salles, R., and Oliveira, F. (2022). Validação da solução RPKI para segurança do BGP. In Anais Estendidos do XXII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 41–48, Porto Alegre, RS, Brasil. SBC.
Mirdita, D., Schulmann, H., and Waidner, M. (2024). SoK: An Introspective Analysis of RPKI Security. Technical report. Disponível em: [link].
Mirdita, D., Shulman, H., and Waidner, M. (2022). Poster: RPKI Kill Switch. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS ’22, page 3423–3425, New York, NY, USA. Association for Computing Machinery.
Rodday, N., Cunha, I., Bush, R., Katz-Bassett, E., Rodosek, G. D., Schmidt, T. C., and Wählisch, M. (2024). The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future Prospects. IEEE Transactions on Network and Service Management, 21(2):2353–2373.
Schulmann, H., Vogel, N., and Waidner, M. (2024). RPKI: Not Perfect But Good Enough. Technical report. Disponível em: [link].
Van Hove, K., van der Ham-de Vos, J., and van Rijswijk-Deij, R. (2023). rpkiller: Threat Analysis of the BGP Resource Public Key Infrastructure. volume 4, New York, NY, USA. Association for Computing Machinery.
Yang, Q., Ma, L., Tu, S., Ullah, S., Waqas, M., and Alasmary, H. (2024). Towards Blockchain-Based Secure BGP Routing, Challenges and Future Research Directions. Computers, Materials & Continua, 79(2):2035–2062.
Hlavacek, T., Jeitner, P., Mirdita, D., Shulman, H., and Waidner, M. (2022a). Behind the Scenes of RPKI. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS ’22, page 1413–1426, New York, NY, USA. Association for Computing Machinery.
Hlavacek, T., Jeitner, P., Mirdita, D., Shulman, H., and Waidner, M. (2022b). Stalloris: RPKI Downgrade Attack. In 31st USENIX Security Symposium (USENIX Security 22), pages 4455–4471, Boston, MA. USENIX Association.
Jacobsen, O., Schulmann, H., Vogel, N., and Waidner, M. (2024). Poster: From Fort to Foe: The Threat of RCE in RPKI. In Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, CCS ’24, page 5015–5017, New York, NY, USA. Association for Computing Machinery.
Melo, Y., Salles, R., and Oliveira, F. (2022). Validação da solução RPKI para segurança do BGP. In Anais Estendidos do XXII Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais, pages 41–48, Porto Alegre, RS, Brasil. SBC.
Mirdita, D., Schulmann, H., and Waidner, M. (2024). SoK: An Introspective Analysis of RPKI Security. Technical report. Disponível em: [link].
Mirdita, D., Shulman, H., and Waidner, M. (2022). Poster: RPKI Kill Switch. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS ’22, page 3423–3425, New York, NY, USA. Association for Computing Machinery.
Rodday, N., Cunha, I., Bush, R., Katz-Bassett, E., Rodosek, G. D., Schmidt, T. C., and Wählisch, M. (2024). The Resource Public Key Infrastructure (RPKI): A Survey on Measurements and Future Prospects. IEEE Transactions on Network and Service Management, 21(2):2353–2373.
Schulmann, H., Vogel, N., and Waidner, M. (2024). RPKI: Not Perfect But Good Enough. Technical report. Disponível em: [link].
Van Hove, K., van der Ham-de Vos, J., and van Rijswijk-Deij, R. (2023). rpkiller: Threat Analysis of the BGP Resource Public Key Infrastructure. volume 4, New York, NY, USA. Association for Computing Machinery.
Yang, Q., Ma, L., Tu, S., Ullah, S., Waqas, M., and Alasmary, H. (2024). Towards Blockchain-Based Secure BGP Routing, Challenges and Future Research Directions. Computers, Materials & Continua, 79(2):2035–2062.
Published
2025-09-01
How to Cite
MELO, Yuri de Abreu de; OLIVEIRA, Frederico Sauer G.; MORENO, Hugo Batalha; SANTOS, Anderson Fernandes Pereira dos; SALLES, Ronaldo Moreira.
MIRAK: An Artifact for Strengthening the Relying Party RPKI Environment. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 1106-1113.
DOI: https://doi.org/10.5753/sbseg.2025.11403.
