ROAchain: Securing Route Origin Authorization with Blockchain for Inter-Domain Routing
The inter-domain routing with BGP is highly vulnerable to malicious attacks, due to the lack of a secure means of verifying authenticity and legitimacy of inter-domain routes. Resource Public Key Infrastructure (RPKI) is a new security infrastructure to prevent the most devastating prefix hijacks in BGP by maintaining a Route Origin Authorization (ROA) repository. However, RPKI is a centralized hierarchical architecture that may empower the centralized authorities to unilaterally revoke or compromise any IP prefixes under their control. To eliminate the risks of RPKI, we present ROAchain, a novel BGP security infrastructure based on blockchain. Different from RPKI, ROAchain is a decentralized architecture, in which each AS maintains a globally consistent and tamper-proof ROA repository, authenticating the legitimacy of route origin and preventing BGP prefix hijacks. To ensure the strong consistency, scalability, and security of ROAchain, a novel consensus algorithm is proposed, in which the credence value, collective signing, sharding, and a penalty mechanism are introduced. Moreover, a compatibility design is proposed without changing the current BGP protocol. Finally, ROAchain is implemented in Golang and validated on the Google Cloud.
G. He et al., "ROAchain: Securing Route Origin Authorization with Blockchain for Inter-Domain Routing," IEEE Transactions on Network and Service Management, Institute of Electrical and Electronics Engineers (IEEE), Jun 2020.
The definitive version is available at https://doi.org/10.1109/TNSM.2020.3015557
Center for High Performance Computing Research
Keywords and Phrases
Authorization; BGP security; blockchain.; Computer architecture; decentralized; IP networks; Public key; ROA; Routing; tamper-proof
International Standard Serial Number (ISSN)
Article - Journal
© 2020 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.
01 Jun 2020