Research On Security Inter-Domain Routing Protocol

With the rapid development of Internet, it has become an indivisible part of our daily life like the four essential requirements of the people at present. Routing is the cornerstone of network. Based on the division of various autonomous systems (AS), routing system has been classified into two different levels which are intra-domain routing and inter-domain routing. As the only de facto routing protocol used for inter-domain routing, the Border Gateway Protocol (BGP) is used to exchange routing information between ASes and its security has great significance for the whole Internet.BGP is designed on the basis of hypothesis that the network environment is trust and reliable initially. Due to the lack of necessary security mechanisms, BGP cannot satisfy the security requirements of ever-deteriorating Internet environment currently. In the past few years, high frequency of inter-domain routing accidents indicates that it is urgent to enhance the security of BGP. Many secure protocols have been proposed for BGP exposed security issues by researchers in academic circles and industrial community, such as S-BGP, soBGP, psBGP, SE-BGP and so on. However, none of proposed methods has been deployed so far due to lack of security, too complex verification model and excess routing resources consumption. The key to deploy the BGP security mechanisms is to propose new, simple and lightweight solutions and improve their performance and practicality importantly.This thesis analyses security BGP vulnerabilities from two aspects which are routing information security and routing behavior security. This article summarizes the major defects of existing methods for the further research on key technology of safe BGP protocol and designs novel and high-efficiency security mechanisms. From the perspective of keeping routing information safe, the research focuses on security of path information and IP address prefix origin authentication. From the perspective of keeping routing behavior safe, the research focuses on detecting and preventing nonfeasance action on inter-domain routing forwarding. The presented schemes increase security for inter-domain routing system and reduce the complexity and resource cost of solutions with the simplification of verifying process. They provide better support for technology deployment and new approaches for implementing next generation IP network with measurable, controllable and manageable.The main innovations and contributions of the present thesis are as follows:(1) For the defects of SE-BGP mechanism, an improved BGP security mechanism is proposed for solving the problem of cross-certification of key nodes between AS alliances with introduction of the proxy re-signature. There are some relatively serious defects in the SE-BGP security mechanism. These defects will leakage Internet Service Provider (ISP) information and waste large cost of storage and management of certificates because of maintenance of lots of additional certificates. Therefore the SE-BGP is not a real distributed certificate authority method. Based on the proxy re-signature, the AS alliance is modified and the TTM trust model is improved in this thesis. It is designed for solving the problem of cross-certification of key nodes with novel algorithms for original authentication and path verification. Security analysis demonstrates the scheme has the similar security capability to the SE-BGP. It is showed that this mechanism has better scalability to reduce the cost of certificates storage and information verification compared with SE-BGP in performance evaluation.(2) This thesis improves the scheme of path verification application in proxy re-signature. A new security mechanism is proposed for BGP path verification based on proxy re-signature to improve the efficiency of path verification. One of the most applications in proxy re-signature is for the network path verification. Therefore, proxy re-signature is firstly introduced into BGP protocol. Combining with BGP protocol characteristics, this thesis gives detailed analysis of existing problems on proxy re-signature practical applications for path verification. It improves original path verification methods and allocates the roles such as delegator into BGP environments reasonably. Corresponding algorithms are proposes for the BGP path update and verification. Security analysis and performance evaluation demonstrate characteristics that the fewer signatures and certificates used in proxy re-signature verification gets well developed with strong ability of security in this mechanism. It can reduce the route resource expense and has high scalability.(3) Sanitizable signature is introduced into BGP path verification, a security mechanism is proposed based on sanitizable signature. It decreases the cost for path verification and solves the problem that is the modification behavior of sanitizer cannot be restricted. The sanitizable signature can be used for securing routing and consume fewer signatures and certificates in verification process. Based on idea of restriction the modification behavior of next-hop node, it overcomes the defects of application and allocates the roles such as sanitizer into BGP environments reasonably. The novel path authentication model and algorithms have been presented to constrain the behavior of sanitizer. Security analysis and performance evaluation show that the scheme can reduce the routing resource consumption with good security capability and scalability.(4) Refers to thoughts of line up phenomenon in human society, a lightweight method is designed for BGP path verification. This method is simplified to the process of path verification with less resource consumption. Many security mechanisms have been proposed for BGP path verification. However, none has been widely accepted at present because the high computational overhead and excess storage cost for certificates. Based on analysis of AS_PATH attribute and basic principles of BGP with reference to line up phenomenon in human society, first two ASes’signatures have been taken in every route updates and the two signatures can provide protection for path information without any illegal modification. System simulation results show that this mechanism can reduce the number of signatures, which will not grow with increasing path distance. It also reduces the number of used certificates with strong ability of security and makes the system more simple and efficient to deploy with great practicality.(5) On the aspect of security of routing behavior, a security mechanism is designed for detecting nonfeasance through introducing feedback approach into the process of BGP route announcements. According to the analysis of anomaly forwarding in inter-domain routing, the existing research is short of nonfeasance behavior which means the autonomous system does not transfer routing information to its peers, which was supposed to do. An accurate definition has been made for nonfeasance behavior in inter-domain routing forwarding on analysis of reasons for nonfeasance. Based on AS relationships between two-hop distance neighbors, it designs algorithms to determine the subsequent forwarding process of neighbor nodes. Feedback approach is introduced into the process of BGP route announcements for detecting nonfeasance behavior. Combined of BGP route selection, this scheme offers an efficient penalty algorithm to keep the selected path safe to lessen the risk of nonfeasance routing behavior. System simulation results show that it improves the overall security of inter-domain routing system and reduces the burden on the system with good scalability to deploy easily.In summary, this thesis mainly researches on BGP security vulnerabilities inter-domain routing system, and proposes five major research fields from two perspectives that are the security of routing information and routing behavior. It presents the corresponding solutions for prefix original authentication, path verification and nonfeasance behavior detection. Compared with proposed solutions, the schemes in present thesis increase the performance and practicality of security mechanisms by reducing the verification and validation complexity and resource expense. They have great significance in both theory and practice to promote the research on security issues of BGP and deployment of security mechanisms in the future.