Securing Route Origin Authorization with Blockchain for Inter-Domain Routing

被引:0
|
作者
He, Guobiao [1 ]
Su, Wei [1 ]
Gao, Shuai [1 ]
Yue, Jiarui [1 ]
机构
[1] Beijing Jiaotong Univ, Sch Elect & Informat Engn, Beijing, Peoples R China
来源
2020 IFIP NETWORKING CONFERENCE AND WORKSHOPS (NETWORKING) | 2020年
关键词
BGP security; ROA; decentralized; tamper-proof; blockchain;
D O I
暂无
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
The inter-domain routing with BGP is highly vulnerable to malicious attacks, due to the lack of a secure means of verifying authenticity and legitimacy of inter-domain routes. Resource Public Key Infrastructure (RPKI) is a new security infrastructure to verify that an IP address block holder has authorized an Autonomous System (AS) to originate routes by maintaining a Route Origin Authorization (ROA) repository, preventing the most devastating prefix hijacks in BGP. However, RPKI is a centralized hierarchical architecture that may empower the centralized authorities to unilaterally revoke or compromise any IP prefixes under their control. To eliminate the risks of RPKI, we present ROAchain, a novel BGP security infrastructure based on blockchain. Different from RPKI, ROAchain is a decentralized architecture, in which each AS maintains a globally consistent and tamper-proof ROA repository, authenticating the legitimacy of route origin and preventing BGP prefix hijacks. In ROAchain, a novel consensus algorithm is proposed to guarantee the strong consistency, scalability, and security of the system. Moreover, an incremental deployment scheme is designed without changing the current BGP protocol. Finally, ROAchain is implemented in Golang and validated on the Google Cloud.
引用
收藏
页码:504 / 508
页数:5
相关论文
共 50 条
  • [41] A cooperative mechanism for inter-domain routing management
    Hu, Ning
    Zou, Peng
    Zhu, Peidong
    Jisuanji Yanjiu yu Fazhan/Computer Research and Development, 2009, 46 (08): : 1251 - 1259
  • [42] On the Deployment of Default Routes in Inter-domain Routing
    Rodday, Nils
    Kaltenbach, Lukas
    Cunha, Italo
    Bush, Randy
    Katz-Bassett, Ethan
    Rodosek, Gabi Dreo
    Schmidt, Thomas C.
    Wahlisch, Matthias
    PROCEEDINGS OF THE 2021 ACM SIGCOMM WORKSHOP ON TECHNOLOGIES, APPLICATIONS, AND USES OF A RESPONSIBLE INTERNET (TAURIN '21), 2021, : 14 - 20
  • [43] Path Diversity for Inter-Domain Routing Security
    Basit, Abdul
    Ahmed, Naveed
    PROCEEDINGS OF 2017 14TH INTERNATIONAL BHURBAN CONFERENCE ON APPLIED SCIENCES AND TECHNOLOGY (IBCAST), 2017, : 384 - 391
  • [44] Decentralized Trust in the Inter-Domain Routing Infrastructure
    Paillisse, Jordi
    Manrique, Jan
    Bonet, Guillem
    Rodriguez-Natal, Alberto
    Maino, Fabio
    Cabellos, Albert
    IEEE ACCESS, 2019, 7 : 166896 - 166905
  • [45] A framework for cooperative inter-domain QoS routing
    Fonte, A
    Monteiro, E
    Yannuzzi, M
    Masip-Bruin, X
    Domingo-Pascual, J
    EUNICE 2005: NETWORKS AND APPLICATIONS TOWARDS A UBIQUITOUSLY CONNECTED WORLD, 2006, 196 : 91 - +
  • [46] Inter-domain QoS routing with virtual trunks
    Prior, Rui
    Sargento, Susana
    2007 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-14, 2007, : 139 - 146
  • [47] Translator trust for the Internet inter-domain routing
    Hu Xiangjiang
    Zhu Peidong
    Gong Zhenghu
    PROCEEDINGS OF FUTURE GENERATION COMMUNICATION AND NETWORKING, MAIN CONFERENCE PAPERS, VOL 1, 2007, : 452 - 457
  • [48] Connectivity Improvement for Inter-Domain Routing in MANETs
    Lu, You
    Zhou, Biao
    Ku, Ian
    Gerla, Mario
    MILITARY COMMUNICATIONS CONFERENCE, 2010 (MILCOM 2010), 2010, : 617 - 622
  • [49] On name-based inter-domain routing
    Rajahalme, Jarno
    Sarela, Mikko
    Visala, Kari
    Riihijarvi, Janne
    COMPUTER NETWORKS, 2011, 55 (04) : 975 - 986
  • [50] Lesson 172: Classless inter-domain routing
    Greenfield, David
    Network Magazine, 2002, 17 (11): : 26 - 28