RPKI Defense Capability Simulation Method Based on Container Virtualization
As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from hi...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2024-09-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/14/18/8408 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850259023284142080 |
|---|---|
| author | Bo Yu Xingyuan Liu Xiaofeng Wang |
| author_facet | Bo Yu Xingyuan Liu Xiaofeng Wang |
| author_sort | Bo Yu |
| collection | DOAJ |
| description | As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from high costs and insufficient flexibility. Thus, we propose an efficient BGP simulated network deployment system based on a virtualization technology called the SOD–BGP. This system, combining cloud computing and virtualization technologies, creates a scalable, highly flexible basic network environment that allows for the automated simulation and evaluation of actual BGP prefix hijacking attack scenarios. A Resource Public Key Infrastructure (RPKI) simulation suite is introduced into the system, emulating a certificate issuance system, certificate storage, and a certificate synchronization verification mechanism, thus aligning the simulation environment with real-world usage scenarios. Finally, we propose a data collection and performance evaluation technique to evaluate BGP networks deploying RPKI under different attack scenarios and to explore the effectiveness of RPKI defense mechanisms at various deployment rates. A comparative analysis with other simulation techniques demonstrates that our approach achieves a balanced performance in terms of deployment speed, complexity, and RPKI integrity, providing a solid simulation technology foundation for large-scale BGP security defense strategies. |
| format | Article |
| id | doaj-art-ba737080b9ea4cdcac769f6b5a961030 |
| institution | OA Journals |
| issn | 2076-3417 |
| language | English |
| publishDate | 2024-09-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-ba737080b9ea4cdcac769f6b5a9610302025-08-20T01:55:58ZengMDPI AGApplied Sciences2076-34172024-09-011418840810.3390/app14188408RPKI Defense Capability Simulation Method Based on Container VirtualizationBo Yu0Xingyuan Liu1Xiaofeng Wang2School of Artificial Intelligence and Compute Science, Jiangnan University, Wuxi 214122, ChinaSchool of Artificial Intelligence and Compute Science, Jiangnan University, Wuxi 214122, ChinaSchool of Artificial Intelligence and Compute Science, Jiangnan University, Wuxi 214122, ChinaAs the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from high costs and insufficient flexibility. Thus, we propose an efficient BGP simulated network deployment system based on a virtualization technology called the SOD–BGP. This system, combining cloud computing and virtualization technologies, creates a scalable, highly flexible basic network environment that allows for the automated simulation and evaluation of actual BGP prefix hijacking attack scenarios. A Resource Public Key Infrastructure (RPKI) simulation suite is introduced into the system, emulating a certificate issuance system, certificate storage, and a certificate synchronization verification mechanism, thus aligning the simulation environment with real-world usage scenarios. Finally, we propose a data collection and performance evaluation technique to evaluate BGP networks deploying RPKI under different attack scenarios and to explore the effectiveness of RPKI defense mechanisms at various deployment rates. A comparative analysis with other simulation techniques demonstrates that our approach achieves a balanced performance in terms of deployment speed, complexity, and RPKI integrity, providing a solid simulation technology foundation for large-scale BGP security defense strategies.https://www.mdpi.com/2076-3417/14/18/8408RPKInetwork simulationBGPvirtualizationroute hijacking |
| spellingShingle | Bo Yu Xingyuan Liu Xiaofeng Wang RPKI Defense Capability Simulation Method Based on Container Virtualization Applied Sciences RPKI network simulation BGP virtualization route hijacking |
| title | RPKI Defense Capability Simulation Method Based on Container Virtualization |
| title_full | RPKI Defense Capability Simulation Method Based on Container Virtualization |
| title_fullStr | RPKI Defense Capability Simulation Method Based on Container Virtualization |
| title_full_unstemmed | RPKI Defense Capability Simulation Method Based on Container Virtualization |
| title_short | RPKI Defense Capability Simulation Method Based on Container Virtualization |
| title_sort | rpki defense capability simulation method based on container virtualization |
| topic | RPKI network simulation BGP virtualization route hijacking |
| url | https://www.mdpi.com/2076-3417/14/18/8408 |
| work_keys_str_mv | AT boyu rpkidefensecapabilitysimulationmethodbasedoncontainervirtualization AT xingyuanliu rpkidefensecapabilitysimulationmethodbasedoncontainervirtualization AT xiaofengwang rpkidefensecapabilitysimulationmethodbasedoncontainervirtualization |