Securing the Internet at the Exchange Points

datacite.subject.fos: Department of Informatics
dc.contributor.advisor: Bessani, Alysson Neves, 1978-
dc.contributor.advisor: Ramos, Fernando Manuel Valente
dc.contributor.author: Vale, Tomás Joaquim Gonçalves Peixinho do
dc.date.accessioned: 2023-03-27T11:58:06Z
dc.date.available: 2023-03-27T11:58:06Z
dc.date.issued: 2023
dc.date.submitted: 2022
dc.description: Master's thesis, Informatics Engineering (Architecture, Systems and Computer Networks), 2022, Universidade de Lisboa, Faculdade de Ciências
dc.description.abstract: BGP, the Border Gateway Protocol, is the inter-domain routing protocol that glues the Internet together. Despite its importance, it has well-known security problems. Frequently, the BGP infrastructure is the target of prefix hijacking and path manipulation attacks. These attacks disrupt the normal functioning of the Internet by either redirecting the traffic, potentially allowing eavesdropping, or even preventing it from reaching its destination altogether, affecting availability. These problems result from the lack of a fundamental security mechanism: the ability to validate the information in routing announcements. Specifically, BGP authenticates neither the prefix origin nor the validity of the announced routes. This means that an intermediate network that intercepts a BGP announcement can maliciously announce an IP prefix that it does not own as its own, or insert a bogus path to a prefix with the goal of intercepting traffic. Several solutions have been proposed in the past, but they all have limitations, of which the most severe is arguably the requirement to perform drastic changes on the existing BGP infrastructure (i.e., requiring the replacement of existing equipment). In addition, most solutions require widespread adoption to be effective. Finally, they typically require secure communication channels between the participant routers, which entails computationally intensive cryptographic verification capabilities that are normally unavailable in this type of equipment. With these challenges in mind, this thesis proposes to investigate the possibility of improving BGP security by leveraging the software-defined networking (SDN) technology that is increasingly common at Internet Exchange Points (IXPs).
These interconnection facilities are single locations that typically connect hundreds to thousands of networks, working as Internet “middlemen” ideally placed to implement inter-network mechanisms, such as security, without requiring changes to the network operators’ infrastructure. Our key idea is to include a secure channel between IXPs that, by running in the SDN server that controls these modern infrastructures, avoids the cryptographic requirements in the routers. In our solution, the secure channel for communication implements a distributed ledger (a blockchain), for decentralized trust and its other inherent guarantees. The rationale is that by increasing trust and avoiding expensive infrastructure updates, we hope to create incentives for operators to adhere to these new IXP-enhanced security services.
dc.identifier.tid: 203493672
dc.identifier.uri: http://hdl.handle.net/10451/56826
dc.language.iso: eng
dc.subject: BGP
dc.subject: IXP
dc.subject: SDN
dc.subject: AS
dc.subject: security
dc.subject: routing protocol
dc.subject: prefix hijacking
dc.subject: route manipulation
dc.subject: blockchain
dc.subject: smart contract
dc.subject: Hyperledger Fabric
dc.subject: Master's theses - 2023
dc.title: Securing the Internet at the Exchange Points
dc.type: master thesis
dspace.entity.type: Publication
rcaap.rights: openAccess
rcaap.type: masterThesis
thesis.degree.name: Master's thesis, Informatics Engineering (Architecture, Systems and Computer Networks)

Files

Main
Name: TM_Tomás_Vale.pdf
Size: 2.44 MB
Format: Adobe Portable Document Format

License
Name: license.txt
Size: 1.2 KB
Format: Item-specific license agreed upon to submission