基于区块链的域间路由策略符合性验证方法
CSTR:
作者:
作者单位:

作者简介:

陈迪(1992-),女,博士,讲师,主要研究领域为域间路由系统安全,区块链技术与应用.;邱菡(1981-),女,博士,副教授,CCF专业会员,主要研究领域为域间路由安全,网络安全模拟与评估.;朱俊虎(1974-),男,博士,教授,CCF高级会员,主要研究领域为网络对抗,网络安全测试与评估.;王清贤(1960-),男,教授,博士生导师,主要研究领域为网络安全.;樊松委(1997-),男,硕士生,主要研究领域为区块链技术,域间路由安全.

通讯作者:

邱菡,E-mail:qiuhan410@aliyun.com

中图分类号:

基金项目:

国家自然科学基金(61502528, 61902447)


Blockchain-based Validation Method for Inter-domain Routing Policy Compliance
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    域间路由系统自治域 (ASes)间具有不同的商业关系和路由策略. 违反自治域间出站策略协定的路由传播可能引发路由泄露, 进而导致网络中断、流量窃听、链路过载等严重后果. 路由策略符合性验证对于保证域间路由系统安全性和稳定性至关重要. 但自治域对本地路由策略自主配置与隐私保护的双重需求增加了验证路由策略符合性的难度, 使其一直是域间路由安全领域尚未妥善解决的难点问题. 提出一种基于区块链的域间路由策略符合性验证方法. 该方法以区块链和密码学技术作为信任背书, 使自治域能够以安全和隐私的方式发布、交互、验证和执行路由策略期望, 通过生成对应路由更新的路由证明, 保证路由传播过程的真实性, 从而以多方协同的方式完成路由策略符合性验证. 通过实现原型系统并基于真实路由数据开展实验与分析, 结果表明该方法可以在不泄露自治域商业关系和本地路由策略的前提下针对路由传播出站策略符合性进行可追溯的验证, 以合理的开销有效抑制策略违规路由传播, 在局部部署情况下也具有显著的策略违规路由抑制能力.

    Abstract:

    Various business relationships and routing policies exist among the autonomous systems (ASes) in an inter-domain routing system. Routing propagation violating the export policy agreements among the ASes is likely to cause route leaks, ultimately leading to serious consequences such as network interruption, traffic eavesdropping, and link overload. Verifying routing policy compliance is thus essential for ensuring the security and stability of the inter-domain routing system. However, the dual requirements of ASes for the autonomous configuration and privacy protection of local routing policies increase the difficulty in verifying routing policy compliance and consequently pose a hard problem that remains to be settled properly in the field of inter-domain routing security. This study proposes a blockchain-based verification method for inter-domain routing policy compliance. With blockchain and the cryptographic technology as trust endorsements, this method enables ASes to publish, interact, verify, and execute routing policy expectations in a safe and private manner. The authenticity of the routing propagation process is ensured by generating route attestations corresponding to routing updates. Thus, the verification of routing policy compliance is completed by multi-domain cooperation. A prototype system is implemented, and experiments and analyses are carried out on real routing data. The results show that the proposed method offers traceable verification of export policy compliance of routing propagation without leaking the business relationships and local routing policies among ASes, suppresses policy-violating routing propagation effectively with reasonable overhead, and maintains a remarkable ability to suppress policy-violating routing even in partial deployment scenarios.

    参考文献
    相似文献
    引证文献
引用本文

陈迪,邱菡,朱俊虎,王清贤,樊松委.基于区块链的域间路由策略符合性验证方法.软件学报,2023,34(9):4336-4350

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2020-11-17
  • 最后修改日期:2021-06-03
  • 录用日期:
  • 在线发布日期: 2023-02-08
  • 出版日期: 2023-09-06
文章二维码
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号