Abstract
Because it was not designed with inherent security, the Border Gateway Protocol (BGP) is vulnerable to prefix/subprefix hijacks and other attacks. Although many BGP security approaches have been proposed to prevent or detect such attacks, their unsatisfactory cost-effectiveness has hindered deployment. In fact, the currently deployed BGP security infrastructure leaves room for misconfiguration and abuse by a centralized authority. This becomes the critical yield point that demands logging and auditing of misbehaviors and attacks in BGP security deployments. We propose a blockchain-based Internet number resource authority and trustworthy management solution, named BGPcoin, to facilitate the transparency of BGP security. BGPcoin provides a reliable origin advertisement source for origin authentication by dispensing resource allocations and revocations compliantly against IP prefix hijacking. We perform and audit resource assignments on the tamper-resistant Ethereum blockchain by means of a set of smart contracts, which also interact as one to provide trustworthy origin route examination for BGP. Compared with RPKI, BGPcoin yields significant benefits in securing origin advertisement and building a dependable infrastructure for the object repository. We demonstrate it through an Ethereum prototype implementation, which we deploy and experiment with on a locally simulated network and an official Ethereum test network, respectively. The extensive experiments and evaluation demonstrate the incentives to deploy BGPcoin and show that the enhanced security it provides is technically and economically feasible.
Highlights
The current Internet, whose original intended function was to build connectivity between any nodes, is lacking security
We propose a lightweight and efficient origin authentication framework built around the blockchain for Border Gateway Protocol (BGP) security, which has superior security resilience and is easier and more lightweight to deploy than PKI-based origin attestation solutions
Since we experiment with the setup phase in parts at several different times, we only show one part of our blockchain data as a sample
Summary
The current Internet, whose original intended function was to build connectivity between any nodes, is lacking security. One of the most crucial problems is securing inter-domain routing [17,18,19]. RPKI (Resource PKI) is an Internet infrastructure resource management system implemented by IANA and deployed experimentally to support inter-domain routing security [19]. The management system uses the X.509 public key certificate framework to issue Certification Authority (CA) certificates for Internet number resources (including IP addresses and AS numbers) and binds the number resources to its public key. When an IP address resource holder (a CA certificate holder in the RPKI system) needs to authorize an AS to advertise route reachability information for its specific IP address prefix, the IP address resource holder issues an EE certificate with the private key corresponding to the CA certificate.
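The origin check that such prefix-to-AS authorizations enable can be sketched as follows. This is an added example, not code from the paper, BGPcoin's smart contracts, or an RPKI validator; the table, the function names, and the rule that a holder may announce more-specifics of its own prefix are assumptions made for illustration.

```python
import ipaddress

# Constructed authorization table: prefix -> AS authorized to originate it.
# Documentation prefixes (RFC 5737 / RFC 3849) and documentation ASNs (RFC 5398).
AUTHORIZATIONS = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "2001:db8::/32": 64502,
}

def check_origin(prefix, origin_as, authz=AUTHORIZATIONS):
    """Classify one announcement (prefix, origin AS) against the table.

    Returns "valid", "prefix-hijack", "subprefix-hijack" or "unknown".
    Assumption of this sketch: the authorized AS may also originate
    more-specifics of its prefix (no maximum-length limit is modelled).
    """
    announced = ipaddress.ip_network(prefix)
    covering = []
    for text, asn in authz.items():
        net = ipaddress.ip_network(text)
        # subnet_of() raises TypeError across IP versions, so filter first.
        if net.version == announced.version and announced.subnet_of(net):
            covering.append((net, asn))
    if not covering:
        # No authorization covers this address space (this includes
        # less-specific announcements); the table cannot decide.
        return "unknown"
    # The most specific covering authorization names the rightful origin.
    net, asn = max(covering, key=lambda entry: entry[0].prefixlen)
    if asn == origin_as:
        return "valid"
    if net.prefixlen == announced.prefixlen:
        return "prefix-hijack"       # same prefix, wrong origin AS
    return "subprefix-hijack"        # more-specific of someone else's prefix

def audit(announcements, authz=AUTHORIZATIONS):
    """Return only the announcements that conflict with the table."""
    results = [(p, a, check_origin(p, a, authz)) for p, a in announcements]
    return [r for r in results if r[2].endswith("hijack")]

if __name__ == "__main__":
    # Constructed sample announcements; AS64510 holds none of these prefixes.
    sample = [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64510),
              ("198.51.100.128/25", 64510), ("203.0.113.0/24", 64510)]
    for row in audit(sample):
        print(row)
```
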