BGPcoin: Blockchain-Based Internet Number Resource Authority and BGP Security Solution

摘要

Without the design for inherent security, the Border Gateway Protocol (BGP) is vulnerable to prefix/subprefix hijacks and other attacks. Though many BGP security approaches have been proposed to prevent or detect such attacks, the unsatisfactory cost-effectiveness frustrates their deployment. In fact, the currently deployed BGP security infrastructure leaves the chance for potential centralized authority misconfiguration and abuse. It actually becomes the critical yield point that demands the logging and auditing of misbehaviors and attacks in BGP security deployments. We propose a blockchain-based Internet number resource authority and trustworthy management solution, named BGPcoin, to facilitate the transparency of BGP security. BGPcoin provides a reliable origin advertisement source for origin authentication by dispensing resource allocations and revocations compliantly against IP prefix hijacking. We perform and audit resource assignments on the tamper-resistant Ethereum blockchain by means of a set of smart contracts, which also interact as one to provide the trustworthy origin route examination for BGP. Compared with RPKI, BGPcoin yields significant benefits in securing origin advertisement and building a dependable infrastructure for the object repository. We demonstrate it through an Ethereum prototype implementation, and we deploy it and do experiment on a locally-simulated network and an official Ethereum test network respectively. The extensive experiment and evaluation demonstrate the incentives to deploy BGPcoin, and the enhanced security provided by BGPcoin is technically and economically feasible.