Abstract
Promise-violating attack to inter-domain routing protocol is becoming common in recent years, which always causes serious consequences, such as malicious attraction traffic, broken network. To deal with this kind of attack, routing verification is introduced by current research. However, it can only detect attacks against a specific routing policy triggered by one malicious node, and no research has yet been conducted to solve the problem caused by multiple collusion nodes. In this work, we present BRVM, a blockchain-based routing verification model, to address the issue of violating shortest AS Path policy. The main idea of BRVM is to record the route proofs to verify whether a route violates the policy using the blockchain technology. The precondition of avoiding a collusion attack is that the proportion of the malicious verification nodes is lower than the fault tolerance rate of the consensus algorithm used in the blockchain. We theoretically prove the correctness of BRVM, and implement a prototype based on Quagga and Fabric. Our experiments show that BRVM can solve this kind of promise-violating problem caused by multiple collusion nodes, and about 21% faster than SPIDeR [14] in performance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Qiu, S.Y., McDaniel, P.D., Monrose, F.: Toward valley-free inter-domain routing. In: IEEE ICC 2007, Glasgow, pp. 2009–2016. IEEE (2007)
Kalafut, A.J., Shue, C.A., Gupta, M.: Malicious hubs: detecting abnormally malicious autonomous systems. In: IEEE INFOCOM 2010, San Diego, pp. 1–5. IEEE (2010)
Mahajan, R., Wetherall, D., Anderson, T.: Understanding BGP misconfiguration. In: ACM SIGCOMM 2002, Pittsburgh, pp. 3–16. ACM (2002)
Nordström, O., Dovrolis, C.: Beware of BGP attacks. ACM SIGCOMM Comput. Commun. Rev. 34(2), 1–8 (2004)
Norton, W.B.: Study of 28 Peering Policies. Technical report. http://drpeering.net/whitepapers/Peering-Policies/A-Study-of-28-Peering-Policies.html
Rensys Blog, Internet-Wide catastrophe—Last year. http://www.renesys.com/blog/2005/12/internetwide_nearcatastrophela.shtml
Rensys Blog, Pakistan hijacks YouTube. http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml
BGPmon Blog, How the Internet in Australia went down under. http://bgpmon.net/blog/?p=554
Google made a tiny error and it broke half the internet in Japan. https://thenextweb.com/google/2017/08/28/google-japan-internet-blackout
Goldberg, S., Schapira, M., Hummon, P., Rexford, J.: How secure are secure interdomain routing protocols. ACM SIGCOMM Comput. Commun. Rev. 40(4), 87–98 (2010)
Kent, S., Lynn, C., Mikkelson, J., Seo, K.: Secure border gateway protocol (S-BGP). IEEE J. Sel. Areas Commun. 18, 103–116 (2000)
White, R.: Securing BGP through secure origin BGP. Internet Protoc. J. 6(3), 15–22 (2003)
Haeberlen, A., Avramopoulos, I., Rexford, J., Druschel, P.: NetReview: detecting when interdomain routing goes wrong. In: USENIX NSDI 2009, Boston, pp. 437–452. USENIX Association (2009)
Zhao, M., Zhou, W., et al.: Private and verifiable interdomain routing decisions. IEEE/ACM Trans. Netw. 24(2), 1011–1024 (2016)
Hyperledger Fabric. https://www.hyperledger.org/projects/fabric
Quagga Routing Suite. http://www.nongnu.org/quagga
Butler, K.R.B., Farley, T., Mcdaniel, P.D., Rexford, J.: A survey of BGP security issues and solutions. Proc. IEEE 98(1), 100–122 (2010)
Goodell, G., Aiello, W., Griffin, T., et al.: Working around BGP: an incremental approach to improving security and accuracy of interdomain routing. In: NDSS 2003, San Diego (2003)
Aiello, W., Ioannidis, J., McDaniel, P.: Origin authentication in interdomain routing. In: ACM CCS 2003, Washington, DC, pp. 165–178. ACM (2003)
Hu, Y., Perrig, A., Sirbu, M.A.: SPV: secure path vector routing for securing BGP. In: ACM SIGCOMM 2004, Portland, pp. 179–192. ACM (2004)
Smith, S.W., Zhao, M., Nicol, D.M.: Aggregated path authentication for efficient BGP security. In: 12th ACM Conference on Computer and Communications Security, Alexandria, pp. 128–138. ACM (2005)
McDaniel, P., Butler, K., Aiello, W.: Optimizing BGP security by exploiting path stability. In: 13th ACM Conference on Computer and Communications Security, Alexandria, pp. 298–310. ACM (2006)
Oorschot, P.C.V., Wan, T., Kranakis, E.: On inter-domain routing security and pretty secure BGP (psBGP). ACM (2007)
Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Topology-based detection of anomalous BGP messages. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 17–35. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45248-5_2
Lad, M., Massey, D., Pei, D., et al.: BPHAS: a prefix hijack alert system. In: The 15th USENIX Security Symposium. USENIX Association (2006)
Zhang, X., Hsiao, H.C., Hasker, G., et al.: SCION: scalability, control, and isolation on next-generation networks. In: IEEE Symposium on Security and Privacy, Berkeley, pp. 212–227. IEEE (2011)
Feamster, N., Mao, Z.M., Rexford, J.: BorderGuard: detecting cold potatoes from peers. In: ACM IMC 2004, Taormina, pp. 213–218. ACM (2004)
Gupta, D., Segal, A., Panda, A., Segev, G., et al.: A new approach to interdomain routing based on secure multi-party computation. In: ACM Workshop on Hot Topics in Networks, Seattle, pp. 37–42. ACM (2012)
Gurney, A.J.T., Haeberlen, A., Zhou, W., et al.: Having your cake and eating it too: routing security with privacy protections. In: ACM Workshop on Hot Topics in Networks, Cambridge. ACM (2011)
Chen, Q., Qian, C., Zhong, S.: Privacy-preserving cross-domain routing optimization - a cryptographic approach. In: IEEE ICNP 2015, San Francisco, pp. 356–365. IEEE (2015)
Sundaresan, S., Lychev, R., Valancius, V.: Preventing attacks on BGP policies: one bit is enough. Georgia Institute of Technology (2011)
Henecka, W., Roughan, M.: STRIP: privacy-preserving vector-based routing. In: IEEE ICNP 2014, Research Triangle Park, pp. 1–10. IEEE (2014)
Hari, A., Lakshman, T.V.: The Internet blockchain: a distributed, tamper-resistant transaction framework for the internet. In: ACM Workshop on Hot Topics in Networks, Atlanta. ACM (2016)
Alowayed, Y., Canini, M., Marcos, P., et al.: Picking a partner: a fair blockchain based scoring protocol for autonomous systems. In: ANRW 2018, Montreal. ACM (2018)
Saad, M., Anwar, A., Ahmad, A., Alasmary, H., Yukesl, M., Mohaisen, A.: RouteChain: towards blockchain-based secure and efficient BGP routing. In: IEEE International Conference on Blockchain and Cryptocurrency 2019, Seoul. IEEE (2019)
Acknowledgements
This work is supported by the National Key Research and Development Program of China under grant No. 2018YFB1003602, and Key Area Research and Development Program of Guangdong Province under grant No. 2019B010137005.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Liu, Y., Zhang, S., Zhu, H., Wan, PJ., Gao, L., Zhang, Y. (2019). An Enhanced Verifiable Inter-domain Routing Protocol Based on Blockchain. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-37228-6_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-37228-6_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37227-9
Online ISBN: 978-3-030-37228-6
eBook Packages: Computer ScienceComputer Science (R0)