RPKI Defense Capability Simulation Method Based on Container Virtualization

Q1 Mathematics

Applied Sciences Pub Date : 2024-09-18 DOI:10.3390/app14188408

Bo Yu, Xingyuan Liu, Xiaofeng Wang

{"title":"RPKI Defense Capability Simulation Method Based on Container Virtualization","authors":"Bo Yu, Xingyuan Liu, Xiaofeng Wang","doi":"10.3390/app14188408","DOIUrl":null,"url":null,"abstract":"As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from high costs and insufficient flexibility. Thus, we propose an efficient BGP simulated network deployment system based on a virtualization technology called the SOD–BGP. This system, combining cloud computing and virtualization technologies, creates a scalable, highly flexible basic network environment that allows for the automated simulation and evaluation of actual BGP prefix hijacking attack scenarios. A Resource Public Key Infrastructure (RPKI) simulation suite is introduced into the system, emulating a certificate issuance system, certificate storage, and a certificate synchronization verification mechanism, thus aligning the simulation environment with real-world usage scenarios. Finally, we propose a data collection and performance evaluation technique to evaluate BGP networks deploying RPKI under different attack scenarios and to explore the effectiveness of RPKI defense mechanisms at various deployment rates. A comparative analysis with other simulation techniques demonstrates that our approach achieves a balanced performance in terms of deployment speed, complexity, and RPKI integrity, providing a solid simulation technology foundation for large-scale BGP security defense strategies.","PeriodicalId":8224,"journal":{"name":"Applied Sciences","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied Sciences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/app14188408","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Mathematics","Score":null,"Total":0}

引用次数: 0

Abstract

As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from high costs and insufficient flexibility. Thus, we propose an efficient BGP simulated network deployment system based on a virtualization technology called the SOD–BGP. This system, combining cloud computing and virtualization technologies, creates a scalable, highly flexible basic network environment that allows for the automated simulation and evaluation of actual BGP prefix hijacking attack scenarios. A Resource Public Key Infrastructure (RPKI) simulation suite is introduced into the system, emulating a certificate issuance system, certificate storage, and a certificate synchronization verification mechanism, thus aligning the simulation environment with real-world usage scenarios. Finally, we propose a data collection and performance evaluation technique to evaluate BGP networks deploying RPKI under different attack scenarios and to explore the effectiveness of RPKI defense mechanisms at various deployment rates. A comparative analysis with other simulation techniques demonstrates that our approach achieves a balanced performance in terms of deployment speed, complexity, and RPKI integrity, providing a solid simulation technology foundation for large-scale BGP security defense strategies.

查看原文本刊更多论文

基于容器虚拟化的 RPKI 防御能力仿真方法

作为当今互联网的主要域间路由协议，边界网关协议（BGP）在实际使用过程中面临着严重的安全风险。对 BGP 恶意攻击方法的研究需要真实的网络环境，而基于物理网络的评估方法往往存在成本高、灵活性不足等问题。因此，我们提出了一种基于虚拟化技术的高效 BGP 模拟网络部署系统，称为 SOD-BGP。该系统结合了云计算和虚拟化技术，创建了一个可扩展、高度灵活的基础网络环境，可自动模拟和评估实际的 BGP 前缀劫持攻击场景。系统还引入了资源公钥基础设施（RPKI）仿真套件，模拟证书签发系统、证书存储和证书同步验证机制，从而使仿真环境与真实世界的使用场景保持一致。最后，我们提出了一种数据收集和性能评估技术，以评估在不同攻击场景下部署 RPKI 的 BGP 网络，并探索不同部署率下 RPKI 防御机制的有效性。与其他仿真技术的对比分析表明，我们的方法在部署速度、复杂性和 RPKI 完整性方面实现了性能平衡，为大规模 BGP 安全防御策略提供了坚实的仿真技术基础。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Applied Sciences Mathematics-Applied Mathematics

CiteScore

6.40

自引率

0.00%

发文量

审稿时长

11 weeks

期刊介绍： APPS is an international journal. APPS covers a wide spectrum of pure and applied mathematics in science and technology, promoting especially papers presented at Carpato-Balkan meetings. The Editorial Board of APPS takes a very active role in selecting and refereeing papers, ensuring the best quality of contemporary mathematics and its applications. APPS is abstracted in Zentralblatt für Mathematik. The APPS journal uses Double blind peer review.