RPKI Defense Capability Simulation Method Based on Container Virtualization

RPKI Defense Capability Simulation Method Based on Container Virtualization

As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from hi...

Full description

Saved in:
Bibliographic Details
Main Authors: Bo Yu, Xingyuan Liu, Xiaofeng Wang
Format: Article
Language:English
Published: MDPI AG 2024-09-01
Series:Applied Sciences
Subjects:
RPKI
network simulation
BGP
virtualization
route hijacking
Online Access:https://www.mdpi.com/2076-3417/14/18/8408
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from high costs and insufficient flexibility. Thus, we propose an efficient BGP simulated network deployment system based on a virtualization technology called the SOD–BGP. This system, combining cloud computing and virtualization technologies, creates a scalable, highly flexible basic network environment that allows for the automated simulation and evaluation of actual BGP prefix hijacking attack scenarios. A Resource Public Key Infrastructure (RPKI) simulation suite is introduced into the system, emulating a certificate issuance system, certificate storage, and a certificate synchronization verification mechanism, thus aligning the simulation environment with real-world usage scenarios. Finally, we propose a data collection and performance evaluation technique to evaluate BGP networks deploying RPKI under different attack scenarios and to explore the effectiveness of RPKI defense mechanisms at various deployment rates. A comparative analysis with other simulation techniques demonstrates that our approach achieves a balanced performance in terms of deployment speed, complexity, and RPKI integrity, providing a solid simulation technology foundation for large-scale BGP security defense strategies.
ISSN:2076-3417

Similar Items