
Research On Key Issues Of Trustworthy Interdomain Routing Based On Blockchain

Posted on: 2022-02-03
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D Chen
GTID: 1488306521457964
Subject: Cyberspace security
Abstract/Summary:
The interdomain routing system is the core infrastructure of the Internet. The lack of trust in BGP leads to the interdomain routing trustworthiness problem, which poses numerous potential risks to the stable operation and sound development of the Internet, such as prefix hijacking, path tampering, and route leaks. However, establishing interdomain trust and collaborative verification is extremely challenging because of the asymmetric autonomous structure, complex business relationships, and freely customized routing policies of the interdomain routing system. Compared with existing PKI-based research and practice on trustworthy interdomain routing, which suffers from the potential risks of centralized management and trust monopoly, leveraging blockchain to solve the interdomain routing trustworthiness problem has essential advantages, including decentralization, tamper resistance, and traceability. However, current research in this field is still in its infancy; it has primarily focused on interdomain resource management while ignoring collaborative incentives and policy security. Thus, in this dissertation, we study blockchain-based trustworthy interdomain routing from the aspects of trust maintenance, resource authenticity, behavior controllability, and agreement compliance. The main contributions of this dissertation are summarized as follows:

1. The research idea of solving the interdomain routing trustworthiness problem by constructing a blockchain-based trust overlay network over autonomous systems (ASes).
To address the lack of trust in the control plane of the interdomain routing system, we analyze the security threats faced by interdomain routing and show that the lack of BGP trust in the interdomain control plane is the underlying cause of interdomain vulnerability. Accordingly, from the perspective of establishing interdomain trust and cooperation, we define trustworthy interdomain routing in terms of trust maintenance, resource trustworthiness, behavior controllability, and agreement compliance. Based on an in-depth analysis of existing research on blockchain-based trustworthy interdomain routing solutions, we propose our research idea of leveraging blockchain to solve the interdomain routing trustworthiness problem: constructing a blockchain-based trust overlay network over ASes to jointly maintain a consistent global view of Internet number resources, policy expectations, and route states, and to achieve reputation evaluation, route validation, and behavior supervision through multi-domain cooperation.

2. An interdomain routing reputation model based on autonomous system (AS) collaboration.
Existing reputation models cannot accurately evaluate the reputation of an AS from a global perspective, because the interdomain routing information available in the local domain is incomplete. To solve this, we propose an interdomain routing reputation model based on AS collaboration. We analyze the statistical characteristics of AS routing behaviors and establish a Bayesian-estimation-based AS reputation quantification index to evaluate the local reputation of the target AS. Based on our finding from BGP raw data analysis that the connection degree of an AS is positively correlated with the completeness of its local routing information, we design a collaborative weighted reputation aggregation algorithm to compute the global reputation of the target AS. We introduce a reputation updating method based on the different behavior patterns of legitimate and malicious ASes over time, which can penalize ASes with continuous malicious behaviors. We carry out our experiment on real data from the 2015 Airtel prefix hijacking incident. Taking the globally evaluated reputation as the benchmark, the accuracy of reputation aggregation in our model is 95.5%, which is at least 22.7% higher than that of existing models. The experimental results demonstrate that our model can effectively capture fine-grained AS behavior dynamics in different normal and abnormal periods, and can achieve approximately global-view AS reputation evaluation from a local perspective. The model can be used to evaluate the effectiveness of trustworthy interdomain routing solutions and can serve as the basis for node supervision in the blockchain-based trust overlay network.

3. An interdomain route validation scheme based on consortium blockchain.
To solve the problems of slow resource synchronization and the lack of a policy checking function in existing blockchain-based interdomain route validation solutions, we propose an interdomain route validation scheme based on consortium blockchain. Using the consortium blockchain as a distributed, tamper-proof, and traceable ledger, we construct a globally consistent view of Internet digital resources and the topological relations among ASes. This view allows participating ASes to exchange and share the resource and topology information needed for route validation through on-chain smart contracts, and to validate route source, AS-path, and valley-free compliance. We carry out an initialization performance experiment by simulating the Internet resource allocation/delegation process, and route validation experiments by reproducing the 2015 Airtel prefix hijack incident and the 2017 Google route leak incident. Our scheme processes an average of 6.62 transactions per second and can complete the validation of a BGP route update message within 6 hops in 500 ms, identifying abnormal routes caused by prefix hijacking, path tampering, and valley-free violation. The experimental results demonstrate that our scheme can achieve lightweight and efficient route validation while satisfying the performance requirements of interdomain routing, without changing the current interdomain routing framework.

4. An interdomain routing policy compliance validation method based on privacy-preserving on-chain information sharing.
Existing policy compliance checking methods cannot meet the dual requirements of ASes for autonomous configuration of local routing policy and for privacy protection. To solve this, we propose an interdomain routing policy compliance validation method based on privacy-preserving on-chain information sharing. Our method uses the blockchain as a trust endorsement, enabling ASes to publish and exchange routing policy expectations in a safe and private manner. The authenticity of the route propagation process is ensured by generating route proofs corresponding to route updates. Routing policy compliance validation during route propagation is thus completed through multi-domain cooperation. We carry out our experiment and analysis on real data from the 2019 Cloudflare route leak incident under different deployment ratios. With 80% deployment in tier-1 ASes, our method can suppress more than 87.9% of policy-violating route propagation, and policy compliance validation can be completed on a millisecond time scale. The experimental results demonstrate that our method can conduct traceable validation of routing export policy compliance without leaking the routing policies of an AS, and can significantly inhibit policy-violating routes even in a partial deployment scenario.

5. An interdomain route instability traceable detection method based on the route state causal chain.
To solve the problems of detection time limitations caused by route update delay and possible tampering with traceability information in existing route instability traceable detection methods, we propose an interdomain route instability traceable detection method based on the route state causal chain. By analyzing the causal relationships between route states, we define a route state update token that describes the route state change and transfer process. Route state update tokens are published and stored in the blockchain during route update propagation to construct the route state causal chain. By analyzing the route state causal chain, the type of route instability is determined, and the failed links or policy-conflict AS sequences are located to achieve traceable detection of route instability. We theoretically prove that our method can trace the failed link and the policy-conflict AS sequence, which lead to convergence delay and persistent route oscillation respectively, and carry out a validation experiment based on Quagga software routers in a typical topology. Theoretical analysis and experimental results demonstrate that our method can detect route instability caused by dynamic changes in both policy and topology in a timely manner, and can determine the type and root cause of route instability without modifying BGP.
Keywords/Search Tags:interdomain routing system, border gateway protocol, blockchain, trustworthiness, reputation model, route validation, route policy
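
The three checks named in contribution 3 (route source, AS-path, and valley-free compliance) can be sketched as follows; this is an added example, not code from the dissertation. The relationship table and origin map are constructed stand-ins for the shared ledger view, the AS numbers and prefixes come from documentation ranges, and the function names are hypothetical.

```python
# Constructed stand-in for the shared view of AS business relationships:
# (customer, provider) pairs and unordered peer pairs.
C2P = {(64500, 64510), (64501, 64510), (64510, 64520),
       (64511, 64521), (64502, 64511)}
P2P = {frozenset((64520, 64521)), frozenset((64510, 64511))}
# Constructed prefix-to-origin authorizations.
ORIGINS = {"192.0.2.0/24": 64500, "198.51.100.0/24": 64502}


def link_type(src, dst):
    """Classify the hop src -> dst in the direction the route propagates."""
    if (src, dst) in C2P:
        return "up"      # customer announces to its provider
    if (dst, src) in C2P:
        return "down"    # provider announces to its customer
    if frozenset((src, dst)) in P2P:
        return "peer"
    return None          # adjacency not recorded in the shared view


def validate(prefix, as_path):
    """as_path is in AS_PATH order: nearest AS first, origin AS last."""
    # Collapse AS-path prepending so repeated ASNs are not treated as links.
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    if not path or ORIGINS.get(prefix) != path[-1]:
        return "invalid-origin"          # prefix hijack symptom
    hops = path[::-1]                    # origin first: propagation order
    descending = False
    for src, dst in zip(hops, hops[1:]):
        kind = link_type(src, dst)
        if kind is None:
            return "unknown-link"        # possible path tampering
        # Valley-free rule: after a peer or downhill hop, only downhill hops.
        if descending and kind != "down":
            return "valley"              # route leak symptom
        if kind in ("peer", "down"):
            descending = True
    return "valid"
```

A route that passes all three checks returns `"valid"`; the other return values indicate which check failed first.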