Implementasi BGP dan Resource Public Key Infrastructure menggunakan BIRD untuk Keamanan Routing

Implementation of BGP and Resource Public Key Infrastructure using BIRD for Routing Security

  • Valen Brata Pranaya Universitas Kristen Satya Wacana
  • Theophilus Wellem Universitas Kristen Satya Wacana
Keywords: Border Gateway Protocol (BGP), Resource Public Key Infrastructure (RPKI), Bird Internet Routing Daemon (BIRD), RPKI Validator

Abstract

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. Routing information is exchanged between Autonomous Systems (ASes) on the Internet using the Border Gateway Protocol (BGP). One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between ASes and divert routing to inappropriate destinations for criminal purposes, such as fraud and data breaches. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 ASes, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validate the routing advertisements received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located, so route hijacking is prevented.
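The origin check summarized in the abstract can be sketched as follows. This is an added example, not code from the paper or from BIRD: it implements route origin validation as defined in RFC 6811 over a constructed set of validated ROA payloads (documentation and private-use prefixes and ASNs), and applies the import policy the abstract reports, dropping both invalid and unknown routes.

```python
import ipaddress

# Constructed Validated ROA Payloads (VRPs): (prefix, max_length, origin ASN).
# Sample values only; they are not taken from the paper's topology.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("10.20.0.0/16", 24, 64501),   # more-specifics allowed down to /24
    ("2001:db8::/32", 48, 64502),
]

def validate_origin(prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'unknown' (RFC 6811 calls the last NotFound)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        roa = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route only if the route lies inside the VRP prefix.
        if route.version != roa.version or not route.subnet_of(roa):
            continue
        covered = True
        # Match requires the right origin AND a length within max_length.
        if origin_asn == vrp_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    # Covered by no VRP at all: unknown.
    return "invalid" if covered else "unknown"

def filter_updates(updates, vrps=VRPS):
    """Import policy from the abstract: only 'valid' routes are propagated."""
    return [(p, asn) for p, asn in updates
            if validate_origin(p, asn, vrps) == "valid"]

# Constructed BGP announcements: (prefix, origin ASN).
SAMPLE_UPDATES = [
    ("192.0.2.0/24", 64500),      # matches a VRP
    ("192.0.2.0/24", 64666),      # covered, wrong origin AS
    ("10.20.5.0/24", 64501),      # more-specific within max_length
    ("10.20.5.128/25", 64501),    # right origin, longer than max_length
    ("203.0.113.0/24", 64503),    # no covering VRP
    ("2001:db8:1::/48", 64502),   # IPv6, within max_length
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE_UPDATES:
        print(f"{prefix:18} AS{asn}: {validate_origin(prefix, asn)}")
```

The max-length case is the one most often misread: a more-specific announcement from the correct origin AS is still invalid when its prefix length exceeds the ROA's maximum length.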

 



Published
2021-12-30
How to Cite
Pranaya, V. B., & Wellem, T. (2021). Implementasi BGP dan Resource Public Key Infrastructure menggunakan BIRD untuk Keamanan Routing. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 5(6), 1161-1170. https://doi.org/10.29207/resti.v5i6.3631
Section
Information Technology Articles