Abstract
Communication on the Internet consisting of a massive number of Autonomous Systems (AS) depends on routing based on Border Gateway Protocol (BGP). Routers generally trust the veracity of information in BGP updates from their neighbors, as with many other routing protocols. However, this trust leaves the whole system vulnerable to multiple attacks, such as BGP hijacking. Several solutions have been proposed to increase the security of BGP routing protocol, most based on centralized Public Key Infrastructure, but their adoption has been relatively slow. Additionally, these solutions are open to attack on this centralized system. Decentralized alternatives utilizing blockchain to validate BGP updates have recently been proposed. The distributed nature of blockchain and its trustless environment increase the overall system security and conform to the distributed character of the BGP. All of the techniques based on blockchain concentrate on inspecting incoming BGP updates only. In this paper, we improve on these by modifying an existing architecture for the management of network devices. The original architecture adopted a private blockchain implementation of HyperLedger. On the other hand, we use the public blockchain Ethereum, more specifically the Ropsten testing environment. Our solution provides a module design for the management of AS border routers. It enables verification of the prefixes even before any router sends BGP updates announcing them. Thus, we eliminate fraudulent BGP origin announcements from the AS deploying our solution. Furthermore, blockchain provides storage options for configurations of edge routers and keeps the irrefutable history of all changes. We can analyze router settings history to detect whether the router advertised incorrect information, when and for how long.
Highlights
IntroductionThe Internet is composed of a huge number of Autonomous Systems (ASes)
Nowadays, the Internet is composed of a huge number of Autonomous Systems (ASes).These ASes exchange information about IP prefixes
The results shown in the previous section prove that it is possible to use this architecture to manage AS border routers and increase Border Gateway Protocol (BGP) security
Summary
The Internet is composed of a huge number of Autonomous Systems (ASes). These ASes exchange information about IP prefixes. Communication among ASes is handled using a routing protocol called the Border Gateway Protocol (BGP) [1]. ASes trust each other and assume that their neighbour advertises correct data. This behaviour is a little naive because accepting all incoming BGP advertisements as genuine and correct may open the door for potential attacks. One of the most widespread types of attacks on BGP is called BGP hijacking [2].
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.