| 基于区块链的域间路由策略符合性验证方法 |
| |
| 引用本文: | 陈迪,邱菡,朱俊虎,王清贤,樊松委.基于区块链的域间路由策略符合性验证方法[J].软件学报,2023,34(9):4336-4350. |
| |
| 作者姓名: | 陈迪 邱菡 朱俊虎 王清贤 樊松委 |
| |
| 作者单位: | 中国人民解放军战略支援部队信息工程大学, 河南 郑州 450002;数学工程与先进计算国家重点实验室, 河南 郑州 450002;电子信息系统复杂电磁环境效应国家重点实验室, 河南 洛阳 471003;郑州大学 软件学院, 河南 郑州 450003 |
| |
| 基金项目: | 国家自然科学基金(61502528, 61902447) |
| |
| 摘 要: | 域间路由系统自治域(ASes)间具有不同的商业关系和路由策略.违反自治域间出站策略协定的路由传播可能引发路由泄露,进而导致网络中断、流量窃听、链路过载等严重后果.路由策略符合性验证对于保证域间路由系统安全性和稳定性至关重要.但自治域对本地路由策略自主配置与隐私保护的双重需求增加了验证路由策略符合性的难度,使其一直是域间路由安全领域尚未妥善解决的难点问题.提出一种基于区块链的域间路由策略符合性验证方法.该方法以区块链和密码学技术作为信任背书,使自治域能够以安全和隐私的方式发布、交互、验证和执行路由策略期望,通过生成对应路由更新的路由证明,保证路由传播过程的真实性,从而以多方协同的方式完成路由策略符合性验证.通过实现原型系统并基于真实路由数据开展实验与分析,结果表明该方法可以在不泄露自治域商业关系和本地路由策略的前提下针对路由传播出站策略符合性进行可追溯的验证,以合理的开销有效抑制策略违规路由传播,在局部部署情况下也具有显著的策略违规路由抑制能力.
|
| 关 键 词: | 域间路由安全 区块链 路由策略符合性 路由认证 |
| 收稿时间: | 2020/11/17 0:00:00 |
| 修稿时间: | 2021/6/3 0:00:00 |
Blockchain-based Validation Method for Inter-domain Routing Policy Compliance |
| |
| CHEN Di,QIU Han,ZHU Jun-Hu,WANG Qing-Xian,FAN Song-Wei.Blockchain-based Validation Method for Inter-domain Routing Policy Compliance[J].Journal of Software,2023,34(9):4336-4350. |
| |
| Authors: | CHEN Di QIU Han ZHU Jun-Hu WANG Qing-Xian FAN Song-Wei |
| |
| Affiliation: | Information Engineering University, Zhengzhou 450002, China;State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China;State Key Laboratory of Complex Electromagnetic Environment Effects on Electronics and Information System, Luoyang 471003, China; School of Software, Zhengzhou University, Zhengzhou 450003, China |
| |
| Abstract: | Various business relationships and routing policies exist among the autonomous systems (ASes) in an inter-domain routing system. Routing propagation violating the export policy agreements among the ASes is likely to cause route leaks, ultimately leading to serious consequences such as network interruption, traffic eavesdropping, and link overload. Verifying routing policy compliance is thus essential for ensuring the security and stability of the inter-domain routing system. However, the dual requirements of ASes for the autonomous configuration and privacy protection of local routing policies increase the difficulty in verifying routing policy compliance and consequently pose a hard problem that remains to be settled properly in the field of inter-domain routing security. This study proposes a blockchain-based verification method for inter-domain routing policy compliance. With blockchain and the cryptographic technology as trust endorsements, this method enables ASes to publish, interact, verify, and execute routing policy expectations in a safe and private manner. The authenticity of the routing propagation process is ensured by generating route attestations corresponding to routing updates. Thus, the verification of routing policy compliance is completed by multi-domain cooperation. A prototype system is implemented, and experiments and analyses are carried out on real routing data. The results show that the proposed method offers traceable verification of export policy compliance of routing propagation without leaking the business relationships and local routing policies among ASes, suppresses policy-violating routing propagation effectively with reasonable overhead, and maintains a remarkable ability to suppress policy-violating routing even in partial deployment scenarios. |
| |
| Keywords: | inter-domain routing security blockchain routing policy compliance route attestation |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
