Research On Blockchain-based BGP Key Attribute Verification Mechanism

Posted on: 2022-03-07 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Su | Full Text: PDF
GTID: 2558307169978749 | Subject: Cyberspace security
Abstract/Summary:
Inter-domain routing is the cornerstone of the modern Internet, and its security is critical to the reliability and security of basic Internet services. However, BGP, the current standard inter-domain routing protocol, was designed without security considerations and does not authenticate routing messages. This has led to the prevalence of routing attacks, represented by address prefix hijacking, and to serious threats to network security. Although the PKI-based routing trust verification scheme implemented by the IETF can resist routing attacks to a certain extent, it also introduces many problems, such as complex certificate management, high deployment cost, and uncontrolled centralized power.

To avoid the negative impact of PKI-based security schemes, many research teams at home and abroad have proposed introducing blockchain technology to solve the authentication problem of inter-domain routing, and have designed a number of blockchain-based trusted verification schemes. However, these schemes rely too heavily on blockchain storage, which puts excessive storage and computing pressure on the chain, seriously affects performance and scalability, and hinders deployment in real scenarios. In addition, because the BGP Community attribute is widely used, researchers have found a variety of new routing attacks that use it. This kind of attack is more covert and flexible, detection mechanisms have difficulty detecting it, and current trusted verification schemes cannot completely defend against it.

To solve the above problems, this paper implements a routing source authentication mechanism and a Community attribute right-to-use authentication mechanism based on blockchain technology. Blockchain technology is decentralized, auditable, tamper-proof and globally consistent, which can help inter-domain routing security get rid of the problems of abuse of power, complex management, and difficult deployment under the PKI system. Specifically, the main work and contributions of this paper focus on the following three aspects:

(1) A Decentralized Infrastructure for Secure and Scalable Route Origin certifying (DISRO) is proposed. In this scheme, the blockchain is used as the carrier to realize peer-to-peer authentication of Internet resources between ISPs, replacing the hierarchical authorization of the PKI-based scheme. The scheme includes a scalable address resource allocation authentication framework that combines on-chain verification with off-chain computing, reducing the storage and computing pressure on the blockchain. DISRO implements the first fully decentralized and scalable IP prefix allocation and routing source authentication scheme based on blockchain.

(2) A Decentralized Infrastructure for Secure Community Attribute certifying (DISCA) is proposed. This scheme is the first to authenticate the use of BGP Community attributes based on blockchain smart contracts. Building on the routing source authentication provided by DISRO, it further puts forward the concept of "the right to know about using". Through a proxy authentication mechanism, it can effectively resist a variety of new routing attacks without changing the existing BGP routing protocol.

(3) A blockchain-based BGP key attribute security authentication prototype system is implemented. The prototype system uses Quagga software to simulate inter-domain routers, takes Ethereum as the blockchain application platform, and builds an inter-domain secure routing network based on smart contract authentication. A proxy authentication module designed for the autonomous domain establishes the information exchange mechanism between the underlying inter-domain routing network and the top blockchain overlay network. The system can effectively combine BGP routing with DISRO and DISCA to form a trusted verification capability for the key attributes of BGP.
Keywords/Search Tags: Blockchain, Inter-domain routing security, Route source authentication, Community attribute authentication