Validating IP Prefixes and AS-Paths with Blockchains

Ilias Sfirakis, Vasileios Kotronis

Networks (Autonomous Systems-AS) allocate or revoke IP prefixes with the intervention of official Internet resource number authorities, and select and advertise policy-compliant paths towards these prefixes using the inter-domain routing system and its primary enabler, the Border Gateway Protocol (BGP). Securing BGP has been a long-term objective of several research and industrial efforts during the last decades, that have culminated in the Resource Public Key Infrastructure (RPKI) for the cryptographic verification of prefix-to-AS assignments. However, there is still no widely adopted solution for securing IP prefixes and the (AS-)paths leading to them; approaches such as BGPsec have seen minuscule deployment. In this work, we design and implement a Blockchain-based system that (i) can be used to validate both of these resource types, (ii) can work passively and does not require any changes in the inter-domain routing system (BGP, RPKI), and (iii) can be combined with currently available systems for the detection and mitigation of routing attacks. We present early results and insights w.r.t. scalability.

Knowledge Graph



Sign up or login to leave a comment