Validating BGP Update Using Blockchain-Based Infrastructure

A number of solutions have been proposed to secure the Border Gateway Routing (BGP) protocol by validating BGP update path and origin information. These solutions make use of centralized database, centralized Public Key Infrastructure (PKI) and some conventional PGP variants as their security mechanism. These solutions are prone to successful attack by state actors and often build database to verifying BGP updates without proper means of validating data stored in this database. Therefore, there is a need for alternative approach to secure the BGP routing protocol. In this chapter, we propose a blockchain based technology used to create a distributed or decentralized immutable database that relies on consensus of participating Autonomous System (AS), to build this blockchain. Every BGP route update received by an AS peer is validated against the content of the blockchain distributed database to detect updates with falsified path and origin information. The limitation of throughput and scalability associated with the blockchain would not affect the proposed blockchain solution once it is fully operational. This is because the data stored in the distributed ledger has a frequency or rate of change that is far lower than that of the blockchain transaction rate. Furthermore, with the blockchain solution, the centralized PKI root of trust is eliminated and AS are now capable of detecting and mitigating IP prefix hijack attack in real time, without outsourcing this service to a third party.