In recent years, with the continuous expansion of metropolitan area networks, the routing security problem has become more and more serious. In particular, promise-violating attack to inter-domain routing protocol is one of the most difficult attacks to defend, which always leads to serious consequences, such as maliciously attracting traffic and disrupting the network. To deal with such attack, current research generally adopts routing verification. However, it can only detect attacks violating a specific routing policy triggered by one malicious node, and no research has yet solved the problem caused by multiple collusion nodes. In this paper, we propose BRVM, a blockchain-based routing verification model, to address the issue that violating the shortest AS Path policy. The main idea of BRVM is to construct a route proof chain to verify whether a route violates the policy with the help of the blockchain technology. The precondition that avoiding the collusion attack is that the proportion of the malicious verification nodes is lower than the fault tolerance rate of the consensus algorithm. Then, we prove the correctness of BRVM in theory, and implement a prototype based on Quagga and Hyperledger Fabric. Some experiments on this prototype show that BRVM can indeed solve the promise-violating problem caused by multiple collusion nodes, and about 15.5% faster in performance compared with SPIDeR.

近年来，随着城域网的不断扩展，路由安全问题变得越来越严重。尤其是，对域间路由协议的违反承诺的攻击是最难以防御的攻击之一，它始终会导致严重的后果，例如恶意吸引流量和破坏网络。为了应对这种攻击，当前的研究通常采用路由验证。但是，它只能检测到由一个恶意节点触发的违反特定路由策略的攻击，并且还没有研究解决由多个共谋节点引起的问题。在本文中，我们提出了基于区块链的路由验证模型BRVM，以解决违反最短AS路径策略的问题。BRVM的主要思想是借助区块链技术构建一条路线证明链，以验证一条路线是否违反政策。避免串通攻击的前提是恶意验证节点所占比例低于共识算法的容错率。然后，我们从理论上证明了BRVM的正确性，并实现了基于Quagga和Hyperledger Fabric的原型。在此原型上进行的一些实验表明，BRVM确实可以解决由多个共谋节点引起的违反承诺的问题，并且与SPIDeR相比，性能提高了约15.5％。避免串通攻击的前提是恶意验证节点所占比例低于共识算法的容错率。然后，我们从理论上证明了BRVM的正确性，并实现了基于Quagga和Hyperledger Fabric的原型。在此原型上进行的一些实验表明，BRVM确实可以解决由多个共谋节点引起的违反承诺的问题，并且与SPIDeR相比，性能提高了约15.5％。避免串通攻击的前提是恶意验证节点所占比例低于共识算法的容错率。然后，我们从理论上证明了BRVM的正确性，并实现了基于Quagga和Hyperledger Fabric的原型。在此原型上进行的一些实验表明，BRVM确实可以解决由多个共谋节点引起的违反承诺的问题，并且与SPIDeR相比，性能提高了约15.5％。