An analysis of the applicability of blockchain to secure IP - - PowerPoint PPT Presentation
An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings draft-paillisse-sidrops-blockchain-01 OPSEC - IETF 101 - London March 2018 Jordi Pailliss , Albert Cabellos, Vina Ermagan, Alberto
draft-paillisse-sidrops-blockchain-01
Jordi Paillissé, Albert Cabellos, Vina Ermagan, Alberto Rodríguez, Fabio Maino
jordip@ac.upc.edu
http://openoverlayrouter.org
1
2
3
4
Sender’s Public Key Sender’s signature Transaction Data
5
Sender’s Public Key Sender’s signature Transaction Data Transactions are broadcasted to all the nodes
P2P network
1
6
Sender’s Public Key Sender’s signature Transaction Data Previous Hash
Transactions 1 ··· N Block
Transactions are broadcasted to all the nodes
2
A node collects transactions into a block
P2P network
1
7
Sender’s Public Key Sender’s signature Transaction Data Transactions are broadcasted to all the nodes
2
A node collects transactions into a block
3
Compute consensus algorithm
P2P network
1
Transactions 1’ ··· N’ New Block
Previous Hash
Transactions 1 ··· N Block
Previous Hash
8
Sender’s Public Key Sender’s signature Transaction Data Transactions are broadcasted to all the nodes
2
A node collects transactions into a block
P2P network
1 4
Broadcast new block to the network
3
Compute consensus algorithm
Transactions 1’ ··· N’ New Block
Previous Hash
Transactions 1 ··· N Block
Previous Hash
9
Sender’s Public Key Sender’s signature Transaction Data Transactions are broadcasted to all the nodes
2
A node collects transactions into a block
5
The other nodes verify the consensus algorithm and accept the block
P2P network
1 4
Broadcast new block to the network
3
Compute consensus algorithm
Transactions 1’ ··· N’ New Block
Previous Hash
Transactions 1 ··· N Block
Previous Hash
10
11
12
Prefix: 10/8 Holder: P+ IP address block + Holder IP address block + AS number Prefix: 10/8 AS#: 12345 Prefix: 10/8 Holder: P1+ Prefix: 10/8 Holder: P2+ Prefix: 10/8 Holder: P3+ Chain of allocations and delegations
new holder new holder
13
14
1 2 3
4 5 6
7 ... n n+1 n+2
blockchain
15
From: IANA To: IANA I have all prefixes
Allocation
1 2 3
4 5 6
7 ... n n+1 n+2
blockchain
16
From: IANA To: IANA I have all prefixes From: IANA To: APNIC Prefix 1/8 for APNIC
Allocation Allocation
1 2 3
4 5 6
7 ... n n+1 n+2
blockchain
17
From: IANA To: IANA I have all prefixes From: IANA To: APNIC Prefix 1/8 for APNIC From: APNIC To: ISP A ISP A has 1.2/16
Allocation Allocation Delegation
1 2 3
4 5 6
7 ... n n+1 n+2
blockchain
18
From: IANA To: IANA I have all prefixes From: IANA To: APNIC Prefix 1/8 for APNIC From: APNIC To: ISP A ISP A has 1.2/16 From: ISP A To: ISP A Bind 1.2/16 to AS # 12345
Allocation Binding Allocation Delegation
1 2 3
4 5 6
7 ... n n+1 n+2
blockchain Who has 1.2/16? AS# 12345
19
From: IANA To: IANA I have all prefixes From: IANA To: APNIC Prefix 1/8 for APNIC From: APNIC To: ISP A ISP A has 1.2/16 From: ISP A To: ISP A Bind 1.2/16 to AS # 12345
Allocation Binding Allocation Delegation
From: ISP A To: ISP A Bind 1.2/16 to AS # 12345
1 2 3
4 5 6
7 ... n n+1 n+2
blockchain Who has 1.2/16? AS# 12345
20
From: IANA To: IANA I have all prefixes From: IANA To: APNIC Prefix 1/8 for APNIC From: APNIC To: ISP A ISP A has 1.2/16 From: ISP A To: ISP A Bind 1.2/16 to AS # 12345
Allocation Binding Allocation Delegation
From: ISP A To: ISP A Bind 1.2/16 to AS # 12345
I can go back to check if this prefix was originally owned by IANA
21
22
Decentralized control Centralized control
23
Decentralized control Centralized control
24
From: keyA To: keyB Prefix 1/8 Other transactions…
25
From: keyA To: keyB Prefix 1/8 From: keyB To: keyC Prefix 1/8 Other transactions…
Controlled by the same entity
26
Internal RIR policies Blockchain (IP prefix1, pubkey1) (IP prefix2, pubkey2) …
27
Internal RIR policies Blockchain (IP prefix1, pubkey1) (IP prefix2, pubkey2) …
Update (prefix, key) pair
28
29
http://sharetv.com/shows/monty _pythons_flying_circus_uk
30
1-Allocate all /10
Genesis block 0/0 0::/0
31
1-Allocate all /10 3-Allocate ~130k prefixes*
*Extracted from RIR statistics exchange files, eg. ftp://ftp.apnic.net/pub/stats/apnic/delegated-apnic-extended-latest
2-Allocate all /16
Genesis block 0/0 0::/0
32
Processed ~160k transactions
33
Processed ~160k transactions
1-Allocate all /10 3-Allocate ~130k prefixes 2-Allocate all /16
34
35
36
37
years
*Source: http://www.potaroo.net/ispcol/2017-01/bgp2016.html
(IP blocks + AS bindings)
38
*Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Sec. 8
39
“I own all the address space” Hash(P+ root)= Root@1 Root@2 New Transaction
40
“allocate” Root@2 Root@3 (rest of space) New Transaction 0.0/16 Deleg1@ 25.5.5/8 Deleg2@
“delegate” Deleg1@ Deleg1@2 (rest of space) New Transaction 0.0.1/24 Deleg3@ 0.0.2/24 Deleg4@
41
“binding” Deleg3@ New Transaction 0.0.1/24 from AS# 12345
42
43
44