IPchain: Securing IP Prefix Allocation and Delegation with Blockchain

@article{Pailliss2018IPchainSI,
  title={IPchain: Securing IP Prefix Allocation and Delegation with Blockchain},
  author={Jordi Pailliss{\'e} and Miquel Ferriol and {\'E}ric Garcia and Hamid Latif and Carlos Piris and Albert Lopez-Bresco and Brenden Kuerbis and Alberto Rodr{\'i}guez-Natal and Vina Ermagan and Fabio Maino and Albert Cabellos-Aparicio},
  journal={2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)},
  year={2018},
  pages={1236-1243}
}
  • Jordi Paillissé, Miquel Ferriol, A. Cabellos-Aparicio
  • Published 11 May 2018
  • Computer Science
  • 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
We present IPchain, a blockchain to store the allocations and delegations of IP addresses, with the aim of easing the deployment of secure interdomain routing systems. Interdomain routing security is of vital importance to the Internet since it prevents unwanted traffic redirections. IPchain makes use of blockchains' properties to provide flexible trust models and simplified management when compared to existing systems. In this paper we argue that Proof of Stake is a suitable consensus… 


Distributed Access Control with Blockchain

An extension to Group-Based Policy (a widely used network policy language) for multi-administrative domains, taking advantage of a permissioned blockchain implementation (Hyperledger Fabric) to distribute access control policies in a secure and auditable manner while preserving the independence of each organization.

Privacy Preserving and Resilient RPKI

This work proposes the first distributed RPKI system, based on threshold signatures, that requires the coordination of a number of RIRs to make changes to RPKI objects, hence preventing unilateral prefix takedown.

BGPcoin: Blockchain-Based Internet Number Resource Authority and BGP Security Solution

This work proposes a blockchain-based Internet number resource authority and trustworthy management solution, named BGPcoin, to facilitate the transparency of BGP security and provides a reliable origin advertisement source for origin authentication by dispensing resource allocations and revocations compliantly against IP prefix hijacking.

BlockJack: Towards Improved Prevention of IP Prefix Hijacking Attacks in Inter-Domain Routing Via Blockchain

The evaluation results show that BlockJack is able to handle multiple attacks caused by AS path changes during a BGP prefix hijacking and is resilient to dynamic routing path changes during the occurrence of the IP prefix hijack in the routing tables.

Public Blockchain - a Systematic literature Review on the Sustainability of consensus Algorithms

This work provides a systematic summary of consensus algorithms for public blockchains derived from the scientific literature as well as real-world applications and systematizes them according to their research focus.

The Trusted and Decentralized Network Resource Management

This paper designs a trusted authentication scheme that includes a voting policy, endorsement, a credibility model and a rebinding mechanism to ensure the credibility of entities, and the experimental results verify the feasibility and security of the scheme.

Address Protection-as-a-Service an Inter-AS Framework for IP Spoofing Resilience

This study transforms the inter-AS source address validation into an "address protection" service, and it is proved that the service is acceptable for triggering economics-driven implementation under the guidance of the apf framework.

Results and Achievements of the ALLIANCE Project: New Network Solutions for 5G and Beyond

Two networking solutions for 5G and beyond 5G (B5G), such as Software Defined Networking/Network Function Virtualisation (SDN/NFV) on top of an ultra-high-capacity spatially and spectrally flexible all-optical network infrastructure, and the clean-slate Recursive Inter-Network Architecture (RINA) over packet networks, including access, metro, core and DC segments are presented.

Validating IP Prefixes and AS-Paths with Blockchains

A Blockchain-based system that can be used to validate both of these resource types, can work passively and does not require any changes in the inter-domain routing system (BGP, RPKI), and can be combined with currently available systems for the detection and mitigation of routing attacks.

Limiting the Power of RPKI Authorities

This work designs and implements a distributed RPKI system that relies on threshold signatures, ensuring that any change to the RPKI certificates requires a joint action by a number of RIRs and avoiding unilateral IP address takedowns.

References


Decentralized name-based security for content distribution using blockchains

In this work, Hierarchical Identity Based Encryption is used to build (content) name-based security mechanisms for securely distributing content, and each user maintains his own Private Key Generator used for generating the master secret key and the public system parameters required by the HIBE algorithm.

Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol

“Ouroboros” is presented, the first blockchain protocol based on proof of stake with rigorous security guarantees, and it is proved that, given this mechanism, honest behavior is an approximate Nash equilibrium, thus neutralizing attacks such as selfish mining.

Blockstack: A Global Naming and Storage System Secured by Blockchains

This paper describes the experiences operating a large deployment of a decentralized PKI service built on top of the Namecoin blockchain, and presents various challenges pertaining to network reliability, throughput, and security that needed to be overcome while registering and updating over 33,000 entries and 200,000 transactions on the Namecoin blockchain.

The Internet Blockchain: A Distributed, Tamper-Resistant Transaction Framework for the Internet

The key advantages of such an approach include the elimination of any PKI-like root of trust, a verifiable and distributed transaction history log, multi-signature based authorizations for enhanced security, easy extensibility and scriptable programmability to secure new types of Internet resources, and potential for a built-in cryptocurrency.

Blockchains and Smart Contracts for the Internet of Things

The conclusion is that the blockchain-IoT combination is powerful and can cause significant transformations across several industries, paving the way for new business models and novel, distributed applications.

Internet routing registries, data governance, and security

Institutional economics is used to examine internet routing registries, which are used by network operators to mitigate the security flaws in BGP, and compared to other methods of governing routing data in a way that enhances internet security, such as Resource Public Key Infrastructure and Border Gateway Protocol Security.

Blockchain Based Access Control

A new approach based on blockchain technology to publish the policies expressing the right to access a resource and to allow the distributed transfer of such right among users is proposed.

RPKI Deployment: Risks and Alternative Solutions

This paper attempts to collect and analyze the most critical risks that appeared during the RPKI deployment, and summarizes the alternative solutions which have been presented to address or mitigate these risks.

A tutorial on blockchain and applications to secure network control-planes

This paper presents blockchain and discusses key applications to network systems in the literature, as well as its application to systems other than cryptocurrency.

Casper the Friendly Finality Gadget

Casper is a partial consensus mechanism combining proof-of-stake algorithm research and Byzantine fault tolerant consensus theory, which provides almost any proof-of-work chain with additional protections against block reversions.