BGPcredit : A Blockchain-based System for Securing BGP

Sammanfattning: Due to the absence of appropriate security mechanisms, even the latest version of Board Gateway Protocol (BGP) is still highly vulnerable to malicious routing hijacking. The original problem is that BGP allows router to accept any BGP update message without any extra validation process. Resource Public Key Infrastructure (RPKI) issues a series of digital signature certificates to provide binding relationship between the IP prefix in the route advertisement and the Autonomous System (AS) number on the propagation path to protect BGP routing. However, RPKI is a centralized architecture in which Certification Authority (CA) can launch power abuses attacks, such as unilaterally certificate revocation or publication repository tampering. In this thesis, we propose a blockchain-based BGP security infrastructure, named BGPcredit. The BGPcredit system synchronizes RPKI certificates by consensus process. It can maintain identical RPKI certificates repository across the whole system through blockchain, providing necessary security protection for BGP routing. In order to provide such features, we customize a proper consensus algorithm for BGPcredit which a reasonable credence management mechanism, credit computing function, block forger election process, Verifiable Random Function (VRF) are introduced. Also, the blockchain is customized to meet the system requirements. Moreover, BGPcredit advocates to make fully use of the trust of certification authorities to build a partially decentralized system. Some trusted nodes with higher authority are set to enhance the system’s security and robustness. Finally, I implement the BGPcredit prototype and conduct some validation experiments to test its performance.