An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings draft-paillisse-sidrops-blockchain-01

Similar documents
A Blockchain-based Mapping System

ECC: Peer-to-Peer Electronic Cash with Trustless Network Services

Public Key Infrastructures

Some Lessons Learned from Designing the Resource PKI

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Alternatives to Blockchains. Sarah Meiklejohn (University College London)

Privacy based Public Key Infrastructure (PKI) using Smart Contract in Blockchain Technology

Darkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

Blockchain without Bitcoin. Muralidhar Gopinath October 19, 2017 University at Albany

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains

RPKI Trust Anchor. Geoff Huston APNIC

10 minutes, 10 slides, goals, tech details and why it matters. Decentralized ID & Verifiable Claims

Problem: Equivocation!

A PKI For IDR Public Key Infrastructure and Number Resource Certification

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN

Technical Analysis of Established Blockchain Systems

Decentralized Internet Resource Trust Infrastructure

Ensimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto

Biomedical Security. Cipher Block Chaining and Applications

Key Security Issues for implementation of Digital Currency, including ITU-T SG17 activities

Prelude. The notes within this Whitepaper publication are intended to formally document the concepts and features of the Aegeus cryptocurrency.

FIRMS: a Future InteRnet Mapping System

Not ACID, not BASE, but SALT A Transaction Processing Perspective on Blockchains

ENEE 457: E-Cash and Bitcoin

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Feedback from RIPE NCC Registration Services. Alex Le Heux - RIPE NCC RIPE62, May 2011, Amsterdam

Ergo platform: from prototypes to a survivable cryptocurrency

Bitcoin and Blockchain

Analyzing Bitcoin Security. Philippe Camacho

Resource Certification

ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

Update on Resource Certification. Geoff Huston, APNIC Mark Kosters, ARIN IEPG, March 2008

RPKI and Routing Security

Ergo platform. Dmitry Meshkov

Blockstack, a New Internet for Decentralized Apps. Muneeb Ali

Key concepts of blockchain

A Lightweight Blockchain Consensus Protocol

Overview of the Resource PKI (RPKI) Dr. Stephen Kent VP & Chief Scientist BBN Technologies

An Operational ISP & RIR PKI

Final /8 pool exhaustion plan

APNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013

Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1

Blockchain Beyond Bitcoin. Mark O Connell

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

Intended status: Informational Expires: July 18, 2017 January 14, 2017

An Operational ISP & RIR PKI

EVALUATION OF PROOF OF WORK (POW) BLOCKCHAINS SECURITY NETWORK ON SELFISH MINING

WAVE: A decentralised authorization system for IoT via blockchain smart contracts

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Introduction to Blockchain

How Formal Analysis and Verification Add Security to Blockchain-based Systems

Chapter 9: Key Management

Blockchain! What consultants should know about it. Daniel

I. Introduction. II. Security, Coinage and Attacks

Introduction to Cryptoeconomics

Resource Public Key Infrastructure

bitcoin allnet exam review: transport layer TCP basics congestion control project 2 Computer Networks ICS 651

Blockchains & Cryptocurrencies

Proof of Stake Made Simple with Casper

Introducción al RPKI (Resource Public Key Infrastructure)

Bitcoin, a decentralized and trustless protocol

Blockchain Certification Protocol (BCP)

International Journal of Computer Engineering and Applications, Volume XIII, Issue II, Feb. 19, ISSN

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective

INTRODUCTION WHY DAPS?

Remember Extension Headers?

DEV. Deviant Coin, Innovative Anonymity. A PoS/Masternode cr yptocurrency developed with POS proof of stake.

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

Modern key distribution with ClaimChains

Problem. BGP is a rumour mill.

Anonymity in Bitcoin. Presenter: Muhammad Anas Imtiaz

Consensus & Blockchain

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

WAVE: A Decentralized Authorization Framework with Transitive Delegation

The Technology behind Smart Contracts

Jan Møller Co-founder, CTO Chainalysis

What is Bitcoin? Consensus technology has the power to do for economics what the internet did for information - Dan Larimer

Fabric Development Update & Discussion. Binh Nguyen

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Radix - Public Node Incentives

11:1 Anonymous Internet Access Method for Wireless Systems

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

OUROBOROS PRAOS: AN ADAPTIVELY-SECURE, SEMI-SYNCHRONOUS

Proof-of-Stake Protocol v3.0

Stealthsend Whitepaper Brief

SpaceMint Overcoming Bitcoin s waste of energy

Decentralized Identity for a Decentralized World. Alex Simons Partner Director Program Management, Identity Division Microsoft

Who wants to be a millionaire? A class in creating your own cryptocurrency

Digital Certificates Demystified

BaFin-Tech 2018 BlockChain & Security (from #developerview)

Introduction to Bitcoin I

Realization and Addressing Analysis In Blockchain Bitcoin

Technical White Paper of. MOAC Mother of All Chains. June 8 th, 2017

Transcription:

An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings draft-paillisse-sidrops-blockchain-01 OPSEC - IETF 101 - London March 2018 Jordi Paillissé, Albert Cabellos, Vina Ermagan, Alberto Rodríguez, Fabio Maino jordip@ac.upc.edu http://openoverlayrouter.org 1

A short Blockchain tutorial 2

Blockchain - Introduction Blockchain: Decentralized, secure and trustless database Token tracking system (who has what) Add blocks of data one after another Protected by two mechanisms: Chain of signatures Consensus algorithm First appeared: Bitcoin, to exchange money Other applications are possible 3

Blockchain - Transactions Transaction Sender s Public Key Sender s signature Data 4

Blockchain - Transactions Transaction Sender s Public Key Sender s signature Data 1 Transactions are broadcasted to all the nodes P2P network 5

Blockchain - Transactions Transaction Sender s Public Key Sender s signature Data 1 Transactions are broadcasted to all the nodes P2P network 2 A node collects transactions into a block Block Previous Hash Transactions 1 N 6

Blockchain - Transactions Transaction Sender s Public Key Sender s signature Data 1 Transactions are broadcasted to all the nodes P2P network 2 A node collects transactions into a block 3 Compute consensus algorithm Block Previous Hash New Block Previous Hash Transactions 1 N Transactions 1 N 7

Blockchain - Transactions Transaction Sender s Public Key 1 Transactions are broadcasted to all the nodes Sender s signature P2P network Data 2 A node collects transactions into a block 3 Compute consensus algorithm 4 Broadcast new block to the network Block Previous Hash New Block Previous Hash Transactions 1 N Transactions 1 N 8

Blockchain - Transactions Transaction Sender s Public Key 1 Transactions are broadcasted to all the nodes Sender s signature P2P network Data 2 A node collects transactions into a block 3 Compute consensus algorithm 4 Broadcast new block to the network Block Previous Hash New Block Previous Hash 5 The other nodes verify the consensus algorithm and accept the block Transactions 1 N Transactions 1 N 9

Summary of features vs. traditional PKI systems Advantages Decentralized No CAs Simplified management Simple rekeying Limited prior trust Auditable Censorship-resistant Drawbacks No crypto guarantees Large storage Costly bootstrapping 10

Blockchain for IP addresses 11

Data in the blockcahin We want to store: Prefix: 10/8 Holder: P+ Prefix: 10/8 Holder: P1+ new holder Prefix: 10/8 AS#: 12345 IP address block + Holder Prefix: 10/8 Holder: P2+ Prefix: 10/8 Holder: P3+ new holder IP address block + AS number Chain of allocations and delegations 12

IP addresses vs. coins IP addresses = coins Similar properties: Unique Transferrable Divisible Exchange blocks of IP addresses just like coins 13

Example 14

Allocation From: IANA To: IANA I have all prefixes blockchain 0 1 2 3 4 5 6 7... n n+1 n+2 15

Allocation From: IANA To: IANA I have all prefixes Allocation From: IANA To: APNIC Prefix 1/8 for APNIC blockchain 0 1 2 3 4 5 6 7... n n+1 n+2 16

Allocation From: IANA To: IANA I have all prefixes Allocation From: IANA To: APNIC Prefix 1/8 for APNIC Delegation From: APNIC To: ISP A ISP A has 1.2/16 blockchain 0 1 2 3 4 5 6 7... n n+1 n+2 17

Allocation From: IANA To: IANA I have all prefixes Allocation From: IANA To: APNIC Prefix 1/8 for APNIC Delegation From: APNIC To: ISP A ISP A has 1.2/16 Binding From: ISP A To: ISP A Bind 1.2/16 to AS # 12345 blockchain 0 1 2 3 4 5 6 7... n n+1 n+2 18

Allocation From: IANA To: IANA I have all prefixes Allocation From: IANA To: APNIC Prefix 1/8 for APNIC Delegation From: APNIC To: ISP A ISP A has 1.2/16 Binding From: ISP A To: ISP A Bind 1.2/16 to AS # 12345 blockchain 0 1 2 3 4 5 6 7... n n+1 n+2 Who has 1.2/16? AS# 12345 From: ISP A To: ISP A Bind 1.2/16 to AS # 12345 19

Allocation From: IANA To: IANA I have all prefixes Allocation From: IANA To: APNIC Prefix 1/8 for APNIC I can go back to check if this prefix Delegation was originally owned by Binding IANA From: APNIC To: ISP A ISP A has 1.2/16 From: ISP A To: ISP A Bind 1.2/16 to AS # 12345 blockchain 0 1 2 3 4 5 6 7... n n+1 n+2 Who has 1.2/16? AS# 12345 From: ISP A To: ISP A Bind 1.2/16 to AS # 12345 20

Operational Considerations 21

Revocation Traditional PKIs Centralized control Bitcoin Decentralized control Lost keys Compromised keys Improper use 22

Revocation Traditional PKIs Centralized control Bitcoin Decentralized control Middle ground: Timeout transfer to previous owner Multi-signature more than one key Revocation tx. by a third party 23

Rekeying Delegating the block of addresses to itself using a new key pair. Simpler than traditional rekeying schemes Can be performed independently (each holder can do it without affecting other holders) From: keya To: keyb Prefix 1/8 Other transactions 24

Rekeying Delegating the block of addresses to itself using a new key pair. Simpler than traditional rekeying schemes Can be performed independently (each holder can do it without affecting other holders) From: keya To: keyb Prefix 1/8 Other transactions From: keyb To: keyc Prefix 1/8 Controlled by the same entity 25

Privacy Lawful interception RIR policies Business relationships Public Private Blockchain (IP prefix1, pubkey1) (IP prefix2, pubkey2) Internal RIR policies 26

Privacy Lawful interception RIR policies Business relationships Public Blockchain (IP prefix1, pubkey1) (IP prefix2, pubkey2) Update (prefix, key) pair Private Internal RIR policies 27

Prototype 28

http://sharetv.com/shows/monty _pythons_flying_circus_uk Prototype Python Features: Simple Proof of Stake Block time 60s 2 MB blocks IPv4 and IPv6 Open-sourced: https://github.com/openoverlayrouter/blo ckchain-mapping-system 29

Experiment Master Genesis block 0/0 0::/0 1-Allocate all /10 8 nodes 30

Experiment Master Genesis block 0/0 0::/0 1-Allocate all /10 2-Allocate all /16 8 nodes 3-Allocate ~130k prefixes* *Extracted from RIR statistics exchange files, eg. ftp://ftp.apnic.net/pub/stats/apnic/delegated-apnic-extended-latest 31

Processed ~160k transactions 32

3-Allocate ~130k prefixes 2-Allocate all /16 1-Allocate all /10 Processed ~160k transactions 33

34

35

Thanks for listening! 36

Scalability Approx. 600 GB in 2034 (IP blocks + AS bindings) One AS <> prefix binding for each block of /24 IPv4 address space Growth similar to BGP churn* Each transaction approx. 400 bytes Only IP Prefixes: worst case + BGP table growth*: approx. 40 GB in 20 years With PoS, storage can be reduced *Source: http://www.potaroo.net/ispcol/2017-01/bgp2016.html 37

Storage Several mechanisms can help reducing storage, eg: Prune old transactions Download only headers (Bitcoin SPV*) Discard old blocks These techniques depend on the consensus algorithm *Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Sec. 8 38

Transaction examples 39

First transaction Users trust the Public Key of the Root, that initially claims all address space by writing the genesis block Root can delegate all address space to itself and use a different keypair New Transaction Hash(P+ root)= Root@1 I own all the address space Root@2 40

Prefix allocation and delegation Root allocates blocks of addresses to other entities (identified by Hash(Public Key)) by adding transactions Root@2 New Transaction allocate Root@3 (rest of space) 0.0/16 Deleg1@ 25.5.5/8 Deleg2@ Holders can further delegate address blocks to other entities Deleg1@ New Transaction delegate Deleg1@2 (rest of space) 0.0.1/24 Deleg3@ 0.0.2/24 Deleg4@ 41

Writing AS bindings Just like delegating a prefix, but instead of the new holder, we write the binding New Transaction Deleg3@ binding 0.0.1/24 from AS# 12345 42

External server authentication Some information may not be suitable for the blockchain, or changes so fast it is already outdated when added into a block A public key from an external server can also be included in the delegations Since blockchain provides authentication and integrity for this key, parties can use it to authenticate responses from the external server 43

FAQ Does it grow indefinitely? Yes Do all nodes have the same information? Yes When answering a query, do you have to search the entire blockchain? No, you can create a separate data structure only with the current data If I lose my private key, do I lose my prefixes also? Yes, watch out! 44

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback