Securing the Internet at the Exchange Points
Main author: | Vale, Tomás Joaquim Gonçalves Peixinho do |
---|---|
Publication date: | 2022 |
Document type: | Dissertation |
Language: | eng |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Full text: | http://hdl.handle.net/10451/56826 |
Abstract: | Master's thesis, Informatics Engineering (Computer Architecture, Systems and Networks), 2022, Universidade de Lisboa, Faculdade de Ciências |
id |
RCAP_b3a062ba36a6a384d0f02b7377e53131 |
---|---|
oai_identifier_str |
oai:repositorio.ul.pt:10451/56826 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Securing the Internet at the Exchange Points

BGP; IXP; SDN; AS; security; routing protocol; prefix hijacking; route manipulation; blockchain; smart contract; Hyperledger Fabric; Master's theses - 2022; Departamento de Informática

Master's thesis, Informatics Engineering (Computer Architecture, Systems and Networks), 2022, Universidade de Lisboa, Faculdade de Ciências

BGP, the border gateway protocol, is the inter-domain routing protocol that glues the Internet. Despite its importance, it has well-known security problems. Frequently, the BGP infrastructure is the target of prefix hijacking and path manipulation attacks. These attacks disrupt the normal functioning of the Internet by either redirecting the traffic, potentially allowing eavesdropping, or even preventing it from reaching its destination altogether, affecting availability. These problems result from the lack of a fundamental security mechanism: the ability to validate the information in routing announcements. Specifically, it does not authenticate the prefix origin nor the validity of the announced routes. This means that an intermediate network that intercepts a BGP announcement can maliciously announce an IP prefix that it does not own as its own, or insert a bogus path to a prefix with the goal of intercepting traffic. Several solutions have been proposed in the past, but they all have limitations, of which the most severe is arguably the requirement to perform drastic changes on the existing BGP infrastructure (i.e., requiring the replacement of existing equipment). In addition, most solutions require their widespread adoption to be effective. Finally, they typically require secure communication channels between the participant routers, which entails computationally-intensive cryptographic verification capabilities that are normally unavailable in this type of equipment.

With these challenges in mind, this thesis proposes to investigate the possibility to improve BGP security by leveraging the software-defined networking (SDN) technology that is increasingly common at Internet Exchange Points (IXPs). These interconnection facilities are single locations that typically connect hundreds to thousands of networks, working as Internet “middlemen” ideally placed to implement inter-network mechanisms, such as security, without requiring changes to the network operators’ infrastructure. Our key idea is to include a secure channel between IXPs that, by running in the SDN server that controls these modern infrastructures, avoids the cryptographic requirements in the routers. In our solution, the secure channel for communication implements a distributed ledger (a blockchain), for decentralized trust and its other inherent guarantees. The rationale is that by increasing trust and avoiding expensive infrastructure updates, we hope to create incentives for operators to adhere to these new IXP-enhanced security services.

Bessani, Alysson Neves, 1978-; Ramos, Fernando Manuel Valente; Repositório da Universidade de Lisboa; Vale, Tomás Joaquim Gonçalves Peixinho do

2023-03-27T11:58:06Z; 2022; 2022; 2022-01-01T00:00:00Z; info:eu-repo/semantics/publishedVersion; info:eu-repo/semantics/masterThesis; application/pdf; http://hdl.handle.net/10451/56826; eng; info:eu-repo/semantics/openAccess

reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos); instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação; instacron:RCAAP

2023-11-08T17:04:49Z; oai:repositorio.ul.pt:10451/56826; Portal Agregador; ONG; https://www.rcaap.pt/oai/openaire; opendoar:7160; 2024-03-19T22:07:22.864826; Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação; false |
dc.title.none.fl_str_mv |
Securing the Internet at the Exchange Points |
author |
Vale, Tomás Joaquim Gonçalves Peixinho do |
author_role |
author |
dc.contributor.none.fl_str_mv |
Bessani, Alysson Neves, 1978-; Ramos, Fernando Manuel Valente; Repositório da Universidade de Lisboa |
dc.subject.por.fl_str_mv |
BGP; IXP; SDN; AS; security; routing protocol; prefix hijacking; route manipulation; blockchain; smart contract; Hyperledger Fabric; Master's theses - 2022; Departamento de Informática |
publishDate |
2022 |
dc.date.none.fl_str_mv |
2022 2022 2022-01-01T00:00:00Z 2023-03-27T11:58:06Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10451/56826 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799134627391078400 |