ROAchain: Securing Route Origin Authorization With Blockchain for Inter-Domain Routing

【Author】 He, Guobiao; Su, Wei; Gao, Shuai; Yue, Jiarui; Das, Sajal K.

【Source】IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT

【影响因子】4.758

【Abstract】The inter-domain routing with BGP is highly vulnerable to malicious attacks, due to the lack of a secure means of verifying authenticity and legitimacy of inter-domain routes. Resource Public Key Infrastructure (RPKI) is a new security infrastructure to prevent the most devastating prefix hijacks in BGP by maintaining a Route Origin Authorization (ROA) repository. However, RPKI is a centralized hierarchical architecture that may empower the centralized authorities to unilaterally revoke or compromise any IP prefixes under their control. To eliminate the risks of RPKI, we present ROAchain, a novel BGP security infrastructure based on blockchain. Different from RPKI, ROAchain is a decentralized architecture, in which each AS maintains a globally consistent and tamper-proof ROA repository, authenticating the legitimacy of route origin and preventing BGP prefix hijacks. To ensure the strong consistency, scalability, and security of ROAchain, a novel consensus algorithm is proposed, in which the credence value, collective signing, sharding, and a penalty mechanism are introduced. Moreover, a compatibility design is proposed without changing the current BGP protocol. Finally, ROAchain is implemented in Golang and validated on the Google Cloud.

【Keywords】IP networks; Routing; Computer architecture; Public key; Authorization; BGP security; ROA; decentralized; tamper-proof; blockchain

【发表时间】2021 JUN

【收录时间】2022-01-02

【文献类型】

【主题类别】

--