| With the development of the Internet,the number of users in the Internet continues to increase,which causes more and more frequent network attacks.As the inter-domain routing protocol between Autonomous Systems,Border Gateway Protocol is also a key target of network attacking.The initial design of BGP is based on the principle of mutual trust between Autonomous Systems,so that each AS trusts all information received from other Ases,and lacks of validation,which causes the appearance of BGP prefix hijack attacks.In order to prevent BGP prefix hijack,IETF proposed Resource Public Key Infrastructure to solve the problem of lacking of route validation in BGP.However,RPKI follows the hierarchical structure of Public Key Infrastructure,leading to the great power of RPKI authorities,which causes a new security risk called Misbehaving Authorities.In this paper,RPKI and its security issues will be studied in depth.We will use the BGP and RPKI data acquisition technology to collect BGP and RPKI historical route origin information,and record the deployment of the RPKI,then verify the state of BGP route origin information and monitor the tendency of state,to further discover the abnormalities of the tendency in state of BGP route origin and analyze whether there are mishehaving RPKI authorities or not.This paper designs and implements the BGP and RPKI detection system.The system consists of 4 modules,namely data acquisition module,data processing module,route origin comparison module and RPKI watch-lists module.The data acquisition module collects the BGP and RPKI raw data from the BGP data source and the RPKI repository in the current network and establishes the historical database.The data processing module processes the collected raw data into user-readable route origin data that authorizes a specified AS to originate a set of prefixes.The route origin comparison uses the RPKI route origin data to validate the BGP route origin data,and indicates the validity of the route origin data using the result of verification,and then establishs a historical database for route origin validity data.The RPKI watch-lists module establishes three types of RPKI watch-lists according to the RPKI route origin data to monitor the time when changes happen in route origin data.We used the implemented detection system to collect and process the BGP and RPKI data from January 1,2017 to April 30,2017,and validated the validity of BGP route origin data using RPKI data,and then analyzed the deployment and trend of RPKI.We found that the mininal depth of RPKI structure was 2,and the maximum depth was 5,and the average depth was 3.Also,we found the number certificates in the RPKI repository was increasing with time.What's more,we found RPKI route origin data covered 7.80% of the Internet's effective IP address and 5.86% of the effective AS number,and the coverage was increasing over time.However,there is no significant trend in the usage percentage of BGP route origin validity data,but the usage percentage fluctuates within the range of 6.5% to 7.5%.In this paper,we analyzed 3 types of threats created by misbehaving authorities,and designed experiments to simulate the mishebahaving authorities to tamper the data in repository,and then analyzed the effectiveness of the route origin validity caused by the tampered data.According to the result of experiment,we found the different appearance of different threats,which can be used to identify the type of threats.In this paper,we presented the BGP and RPKI detection system,and obtained the historical database of BGP and RPKI raw data,the historical database of route origin data,and the historical database of route origin validity data.Also,we established RPKI watch-lists to monitor the changes of RPKI route origin data.What's more,we analyzed the deployment and trend of RPKI and the influence of threats created by misbehaving authorities,which provided a way to identify the type of a threat created by misbehaving authorities. |
PDF Full Text Request