Securing the Internet at the Exchange Points

Bibliographic details
Main author: Vale, Tomás Joaquim Gonçalves Peixinho do
Publication date: 2022
Document type: Dissertation
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10451/56826
Summary: Master's thesis, Informatics Engineering (Computer Architecture, Systems and Networks), 2022, Universidade de Lisboa, Faculdade de Ciências
Keywords: BGP; IXP; SDN; AS; security; routing protocol; prefix hijacking; path manipulation; blockchain; smart contract; Hyperledger Fabric
Contributors: Bessani, Alysson Neves, 1978-; Ramos, Fernando Manuel Valente
Abstract: BGP, the border gateway protocol, is the inter-domain routing protocol that glues the Internet. Despite its importance, it has well-known security problems. Frequently, the BGP infrastructure is the target of prefix hijacking and path manipulation attacks. These attacks disrupt the normal functioning of the Internet by either redirecting the traffic, potentially allowing eavesdropping, or even preventing it from reaching its destination altogether, affecting availability. These problems result from the lack of a fundamental security mechanism: the ability to validate the information in routing announcements. Specifically, it does not authenticate the prefix origin nor the validity of the announced routes. This means that an intermediate network that intercepts a BGP announcement can maliciously announce an IP prefix that it does not own as theirs, or insert a bogus path to a prefix with the goal to intercept traffic. Several solutions have been proposed in the past, but they all have limitations, of which the most severe is arguably the requirement to perform drastic changes on the existing BGP infrastructure (i.e., requiring the replacement of existing equipment). In addition, most solutions require their widespread adoption to be effective. Finally, they typically require secure communication channels between the participant routers, which entails computationally-intensive cryptographic verification capabilities that are normally unavailable in this type of equipment.

With these challenges in mind, this thesis proposes to investigate the possibility to improve BGP security by leveraging the software-defined networking (SDN) technology that is increasingly common at Internet Exchange Points (IXPs). These interconnection facilities are single locations that typically connect hundreds to thousands of networks, working as Internet “middlemen” ideally placed to implement inter-network mechanisms, such as security, without requiring changes to the network operators’ infrastructure. Our key idea is to include a secure channel between IXPs that, by running in the SDN server that controls these modern infrastructures, avoids the cryptographic requirements in the routers. In our solution, the secure channel for communication implements a distributed ledger (a blockchain), for decentralized trust and its other inherent guarantees. The rationale is that by increasing trust and avoiding expensive infrastructure updates, we hope to create incentives for operators to adhere to these new IXP-enhanced security services.