ABSTRACT
Existing security mechanisms for managing Internet infrastructure resources such as IP addresses, AS numbers, BGP advertisements and DNS mappings rely on a Public Key Infrastructure (PKI) that state actors and Advanced Persistent Threats (APTs) can potentially compromise. Ideally, the Internet infrastructure needs a distributed, tamper-resistant resource management framework that no single entity can subvert. A secure distributed ledger enables such a mechanism, and the blockchain is the best known example of a distributed ledger.
In this paper we propose a blockchain-based mechanism to secure the Internet's BGP and DNS infrastructure. Although the blockchain has scaling issues that remain to be overcome, the key advantages of this approach are the elimination of any PKI-like root of trust, a verifiable and distributed transaction history log, multi-signature authorization for stronger security, easy extensibility and scriptable programmability to secure new types of Internet resources, and the potential for a built-in cryptocurrency. A tamper-resistant DNS infrastructure also removes the ability of the application-level PKI to spoof HTTPS traffic, provided that TLS keys are bound to DNS records in the manner of DANE rather than vouched for only by certificate authorities.
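The abstract names three building blocks: a verifiable transaction history log, multi-signature authorization of resource records, and validation of routing state against the ledger. The following is an added example, not code from the paper, that shows how they fit together for the BGP case: a hash-chained ledger of prefix-to-origin-AS authorizations, an m-of-n approval rule for appending records, and an RPKI-ROA-style validity check of a BGP announcement against the ledger. The approver names, keys, prefixes and AS numbers are constructed for the demo, and the signatures are HMAC-SHA256 stand-ins (chosen so the block runs with the standard library); a real deployment would use asymmetric signatures and a consensus protocol to order the blocks.

```python
"""Added example (not from the paper): a minimal hash-chained ledger of
prefix-to-origin-AS authorizations with m-of-n approval and ROA-style
validation of BGP announcements. Signatures are HMAC stand-ins over the
canonical record; approver keys and all resource data are constructed."""
import hashlib
import hmac
import ipaddress
import json

GENESIS_HASH = "0" * 64


def canonical(obj) -> bytes:
    # Deterministic encoding so every node hashes and signs identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, record: dict) -> str:
    # Stand-in for an asymmetric signature by one approver.
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


class Ledger:
    def __init__(self, approvers: dict, threshold: int):
        # approvers: name -> verification key; threshold: m of n approvals required
        self.approvers = approvers
        self.threshold = threshold
        self.blocks = []  # each block: {"prev": hash, "tx": record, "sigs": {name: tag}}

    def _block_hash(self, block: dict) -> str:
        return hashlib.sha256(canonical(block)).hexdigest()

    def tip(self) -> str:
        return self._block_hash(self.blocks[-1]) if self.blocks else GENESIS_HASH

    def _valid_sigs(self, record: dict, sigs: dict) -> int:
        # Distinct approver names are dict keys, so one key cannot be counted twice.
        count = 0
        for name, tag in sigs.items():
            key = self.approvers.get(name)
            if key is not None and hmac.compare_digest(tag, sign(key, record)):
                count += 1
        return count

    def append(self, record: dict, sigs: dict) -> bool:
        """Append only if at least `threshold` distinct approvers signed the record."""
        if self._valid_sigs(record, sigs) < self.threshold:
            return False
        self.blocks.append({"prev": self.tip(), "tx": record, "sigs": sigs})
        return True

    def verify_chain(self) -> bool:
        """Recheck every link and every approval; editing any block breaks the
        signatures over it and the prev-hash of every later block."""
        prev = GENESIS_HASH
        for block in self.blocks:
            if block["prev"] != prev:
                return False
            if self._valid_sigs(block["tx"], block["sigs"]) < self.threshold:
                return False
            prev = self._block_hash(block)
        return True

    def origin_state(self, prefix: str, origin_as: int) -> str:
        """ROA-style check of an announcement: 'unknown' if no ledger record
        covers the prefix, 'valid' if a covering record names this origin AS and
        permits this prefix length, otherwise 'invalid' (hijack or too-specific)."""
        announced = ipaddress.ip_network(prefix)
        covering = []
        for block in self.blocks:
            rec = block["tx"]
            if rec["type"] != "roa":
                continue
            authorized = ipaddress.ip_network(rec["prefix"])
            if announced.version == authorized.version and announced.subnet_of(authorized):
                covering.append(rec)
        if not covering:
            return "unknown"
        for rec in covering:
            if rec["origin_as"] == origin_as and announced.prefixlen <= rec["max_len"]:
                return "valid"
        return "invalid"


def demo() -> dict:
    keys = {"rir": b"k1", "lir": b"k2", "auditor": b"k3"}  # constructed approver keys
    ledger = Ledger(keys, threshold=2)
    roa1 = {"type": "roa", "prefix": "203.0.113.0/24", "origin_as": 64500, "max_len": 24}
    roa2 = {"type": "roa", "prefix": "198.51.100.0/24", "origin_as": 64510, "max_len": 24}
    appended = ledger.append(roa1, {"rir": sign(keys["rir"], roa1), "lir": sign(keys["lir"], roa1)})
    appended &= ledger.append(roa2, {"rir": sign(keys["rir"], roa2), "auditor": sign(keys["auditor"], roa2)})
    rejected = not ledger.append(roa1, {"rir": sign(keys["rir"], roa1)})  # one approver: below threshold
    results = {
        "appended": appended,
        "rejected_single_sig": rejected,
        "chain_ok": ledger.verify_chain(),
        "legit": ledger.origin_state("203.0.113.0/24", 64500),
        "hijack": ledger.origin_state("203.0.113.0/24", 64501),
        "more_specific": ledger.origin_state("203.0.113.128/25", 64500),
        "unknown": ledger.origin_state("192.0.2.0/24", 64500),
    }
    ledger.blocks[0]["tx"]["origin_as"] = 64501  # tamper with the history in place
    results["tamper_detected"] = not ledger.verify_chain()
    return results


if __name__ == "__main__":
    print(demo())
```

The `origin_state` rules follow the RPKI route-origin validation outcomes (valid, invalid, not found) so that a router or IXP policy engine could consume the ledger the same way it consumes ROAs today; what changes is that the records are approved by a threshold of independent parties and every past state is recoverable from the chain.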