ROAchain: Securing Route Origin Authorization with Blockchain for Inter-Domain Routing


The inter-domain routing with BGP is highly vulnerable to malicious attacks, due to the lack of a secure means of verifying authenticity and legitimacy of inter-domain routes. Resource Public Key Infrastructure (RPKI) is a new security infrastructure to prevent the most devastating prefix hijacks in BGP by maintaining a Route Origin Authorization (ROA) repository. However, RPKI is a centralized hierarchical architecture that may empower the centralized authorities to unilaterally revoke or compromise any IP prefixes under their control. To eliminate the risks of RPKI, we present ROAchain, a novel BGP security infrastructure based on blockchain. Different from RPKI, ROAchain is a decentralized architecture, in which each AS maintains a globally consistent and tamper-proof ROA repository, authenticating the legitimacy of route origin and preventing BGP prefix hijacks. To ensure the strong consistency, scalability, and security of ROAchain, a novel consensus algorithm is proposed, in which the credence value, collective signing, sharding, and a penalty mechanism are introduced. Moreover, a compatibility design is proposed without changing the current BGP protocol. Finally, ROAchain is implemented in Golang and validated on the Google Cloud.


Computer Science

Research Center/Lab(s)

Center for High Performance Computing Research

Keywords and Phrases

Authorization; BGP security; blockchain.; Computer architecture; decentralized; IP networks; Public key; ROA; Routing; tamper-proof

International Standard Serial Number (ISSN)


Document Type

Article - Journal

Document Version


File Type





© 2020 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.

Publication Date

01 Jun 2020