A novel routing verification approach based on blockchain for inter-domain routing in smart metropolitan area networks

Abstract In recent years, with the continuous expansion of metropolitan area networks, the routing security problem has become more and more serious. In particular, the promise-violating attack on inter-domain routing protocols is one of the most difficult attacks to defend against, and it always leads to serious consequences, such as maliciously attracting traffic and disrupting the network. To deal with such attacks, current research generally adopts routing verification. However, it can only detect attacks that violate a specific routing policy and are triggered by one malicious node, and no research has yet solved the problem caused by multiple colluding nodes. In this paper, we propose BRVM, a blockchain-based routing verification model, to address violations of the shortest AS Path policy. The main idea of BRVM is to construct a route proof chain to verify whether a route violates the policy with the help of blockchain technology. The precondition for avoiding the collusion attack is that the proportion of malicious verification nodes is lower than the fault tolerance rate of the consensus algorithm. We then prove the correctness of BRVM in theory and implement a prototype based on Quagga and Hyperledger Fabric. Experiments on this prototype show that BRVM can indeed solve the promise-violating problem caused by multiple colluding nodes, and that it is about 15.5% faster in performance than SPIDeR.
