An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings (PowerPoint presentation, slide text)


  1. An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings
  draft-paillisse-sidrops-blockchain-01
  OPSEC - IETF 101 - London, March 2018
  Jordi Paillissé, Albert Cabellos, Vina Ermagan, Alberto Rodríguez, Fabio Maino
  jordip@ac.upc.edu
  http://openoverlayrouter.org

  2. A short Blockchain tutorial

  3. Blockchain - Introduction
  • Blockchain:
  – Decentralized, secure and trustless database
  – Token tracking system (who has what)
  • Blocks of data are added one after another
  • Protected by two mechanisms:
  – Chain of signatures
  – Consensus algorithm
  • First appeared in Bitcoin, to exchange money
  • Other applications are possible

  4-9. Blockchain - Transactions (one figure, built up over six slides)
  A transaction consists of the sender's public key, the sender's signature and the data.
  A block consists of the hash of the previous block and transactions 1 ··· N.
  1. Transactions are broadcast to all the nodes over the P2P network
  2. A node collects transactions into a block
  3. The node computes the consensus algorithm
  4. The new block is broadcast to the network
  5. The other nodes verify the consensus algorithm and accept the block; the new block (transactions 1' ··· N') stores the hash of the previous block
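The five steps above, as an added example that is not code from the slides or from the authors' prototype: a transaction carries the sender's public key, the sender's signature and the data; a block carries the previous block's hash and its transactions; a receiving node re-checks both links before accepting. Go's standard library is used because it ships Ed25519 and SHA-256; the allocation strings and the single key pair are constructed for the demo, and the consensus computation (step 3) is deliberately left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Transaction carries the three fields on the slide: the sender's public key,
// the sender's signature over Data, and the data itself (here a constructed
// allocation record written as a plain string).
type Transaction struct {
	PubKey []byte `json:"pubkey"`
	Sig    []byte `json:"sig"`
	Data   string `json:"data"`
}

// Block is the slide's block: the hash of the previous block plus transactions 1..N.
type Block struct {
	PrevHash string        `json:"prev_hash"`
	Txs      []Transaction `json:"txs"`
}

// NewTransaction signs Data with the sender's private key; the public key
// travels with the transaction so every node can verify it.
func NewTransaction(priv ed25519.PrivateKey, data string) Transaction {
	return Transaction{
		PubKey: priv.Public().(ed25519.PublicKey),
		Sig:    ed25519.Sign(priv, []byte(data)),
		Data:   data,
	}
}

// HashBlock returns SHA-256 over the block's JSON encoding; the next block
// stores this value as PrevHash, which is what chains the blocks together.
func HashBlock(b Block) string {
	enc, _ := json.Marshal(b) // only strings and byte slices: cannot fail
	sum := sha256.Sum256(enc)
	return hex.EncodeToString(sum[:])
}

// VerifyChain is what a node does on receipt (step 5 on the slides): every
// signature must verify under its embedded public key, and every PrevHash
// must equal the hash of the block before it. The consensus computation
// (step 3) is not modelled here; the prototype on slide 29 uses proof of stake.
func VerifyChain(chain []Block) error {
	for i, b := range chain {
		if i > 0 && b.PrevHash != HashBlock(chain[i-1]) {
			return fmt.Errorf("block %d: prev hash does not match block %d", i, i-1)
		}
		for j, tx := range b.Txs {
			if len(tx.PubKey) != ed25519.PublicKeySize ||
				!ed25519.Verify(tx.PubKey, []byte(tx.Data), tx.Sig) {
				return fmt.Errorf("block %d, tx %d: bad signature", i, j)
			}
		}
	}
	return nil
}

// BuildDemoChain constructs a two-block chain signed with one constructed key pair.
func BuildDemoChain() []Block {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	genesis := Block{Txs: []Transaction{NewTransaction(priv, "IANA: I have all prefixes")}}
	next := Block{PrevHash: HashBlock(genesis), Txs: []Transaction{
		NewTransaction(priv, "IANA -> APNIC: prefix 1/8"),
	}}
	return []Block{genesis, next}
}

func main() {
	chain := BuildDemoChain()
	fmt.Println("valid chain:", VerifyChain(chain))
	chain[0].Txs[0].Data = "IANA: I have prefix 1/8 only" // rewrite history
	fmt.Println("after tampering:", VerifyChain(chain))
}
```

Editing a transaction in block 0 invalidates that transaction's signature, and because block 1's PrevHash was computed over the original block 0, even a re-signed replacement would break the link. The signature check establishes who wrote a transaction; the hash chain establishes that history has not been rewritten afterwards; which of several competing chains counts is what the consensus algorithm settles.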

  10. Summary of features vs. traditional PKI systems
  Advantages:
  • Decentralized
  • No CAs
  • Simplified management
  • Simple rekeying
  • Auditable
  • Censorship-resistant
  Drawbacks:
  • No crypto guarantees
  • Large storage
  • Costly bootstrapping
  • Limited prior trust

  11. Blockchain for IP addresses

  12. Data in the blockchain
  We want to store: IP address block + AS number + Holder, i.e. the chain of allocations and delegations.
  Figure: Prefix: 10/8, Holder: P1+ → new holder → Prefix: 10/8, Holder: P2+ → new holder → Prefix: 10/8, Holder: P3+; and Prefix: 10/8, Holder: P+ → new AS#: 12345

  13. IP addresses vs. coins
  • IP addresses = coins
  • Similar properties:
  – Unique
  – Transferable
  – Divisible
  • Exchange blocks of IP addresses just like coins
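The "divisible" property in code, as an added example (not code from the slides or from the authors' prototype): handing a sub-block to another holder means the parent block must be split into that sub-block plus the prefixes that cover the rest of it exactly, because the holder who keeps "the rest" has to be able to name it as prefixes too. Go's net/netip is used; Split and Exact are names chosen for this example, and the prefixes in main are constructed.

```go
package main

import (
	"fmt"
	"math/big"
	"net/netip"
)

// within reports whether child is a sub-block of parent.
func within(parent, child netip.Prefix) bool {
	return parent.Bits() <= child.Bits() && parent.Contains(child.Addr())
}

// flipBit returns a with bit i (counted from the most significant bit) inverted.
func flipBit(a netip.Addr, i int) netip.Addr {
	if a.Is4() {
		b := a.As4()
		b[i/8] ^= 0x80 >> (i % 8)
		return netip.AddrFrom4(b)
	}
	b := a.As16()
	b[i/8] ^= 0x80 >> (i % 8)
	return netip.AddrFrom16(b)
}

// Split divides parent into child plus the prefixes covering parent minus
// child: at every length between the two, the sibling of child's ancestor.
// Those pieces are the coins a holder keeps after handing child to someone else.
func Split(parent, child netip.Prefix) ([]netip.Prefix, error) {
	if !within(parent, child) {
		return nil, fmt.Errorf("%s is not inside %s", child, parent)
	}
	pieces := []netip.Prefix{child.Masked()}
	for l := parent.Bits() + 1; l <= child.Bits(); l++ {
		anc := netip.PrefixFrom(child.Addr(), l).Masked()
		pieces = append(pieces, netip.PrefixFrom(flipBit(anc.Addr(), l-1), l))
	}
	return pieces, nil
}

// Exact checks that pieces lie inside parent, are pairwise disjoint and
// together cover it: the sizes 2^(width-bits) must add up to parent's size.
// This is the check a node would apply to a transaction that splits a coin.
func Exact(parent netip.Prefix, pieces []netip.Prefix) bool {
	width := 32
	if parent.Addr().Is6() {
		width = 128
	}
	total := new(big.Int)
	for i, p := range pieces {
		if !within(parent, p) {
			return false
		}
		for _, q := range pieces[:i] {
			if p.Overlaps(q) {
				return false
			}
		}
		total.Add(total, new(big.Int).Lsh(big.NewInt(1), uint(width-p.Bits())))
	}
	return total.Cmp(new(big.Int).Lsh(big.NewInt(1), uint(width-parent.Bits()))) == 0
}

func main() {
	all, sub := netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("1.0.0.0/8") // constructed
	pieces, err := Split(all, sub)
	fmt.Println(pieces, err, Exact(all, pieces))
}
```

Split(0.0.0.0/0, 1.0.0.0/8) yields 1.0.0.0/8 plus eight remainder pieces, 128.0.0.0/1 down to 0.0.0.0/8, and Exact confirms they are disjoint and sum to the whole space. The same function handles IPv6 blocks. Exact rejects a split that leaks addresses outside the parent, hands the same addresses out twice, or quietly loses part of the block.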

  14. Example

  15-20. Example: allocation, delegation and binding (one figure, built up over six slides)
  The blockchain is drawn as blocks 0, 1, 2, 3, 4, 5, 6, 7 ... n, n+1, n+2; each step adds one transaction:
  • Allocation - From: IANA, To: IANA - "I have all prefixes"
  • Allocation - From: IANA, To: APNIC - "Prefix 1/8 for APNIC"
  • Delegation - From: APNIC, To: ISP A - "ISP A has 1.2/16"
  • Binding - From: ISP A, To: ISP A - "Bind 1.2/16 to AS # 12345"
  Query: "Who has 1.2/16?" - answered from the binding transaction: AS# 12345
  "I can go back to check if this prefix was originally owned by IANA"

  21. Operational Considerations

  22-23. Revocation
  Spectrum of control: Bitcoin (decentralized control) ... traditional PKIs (centralized control)
  Reasons for revocation:
  • Lost keys
  • Compromised keys
  • Improper use
  Middle ground:
  • Timeout → transfer to previous owner
  • Multi-signature → more than one key
  • Revocation tx. → by a third party

  24-25. Rekeying
  • Delegating the block of addresses to itself using a new key pair
  • Simpler than traditional rekeying schemes
  • Can be performed independently (each holder can do it without affecting other holders)
  Figure: From: keyA, To: keyB, Prefix 1/8 ... other transactions ... From: keyB, To: keyC, Prefix 1/8 - keyA, keyB and keyC are controlled by the same entity

  26-27. Privacy
  • Lawful interception
  • RIR policies
  • Business relationships
  Figure: Public - the blockchain holds (IP prefix1, pubkey1), (IP prefix2, pubkey2), ...; Private - internal RIR policies; the RIR updates the (prefix, key) pair in the blockchain

  28. Prototype

  29. Prototype
  • Python
  • Features:
  – Simple Proof of Stake
  – Block time 60s
  – 2 MB blocks
  – IPv4 and IPv6
  • Open-sourced: https://github.com/OpenOverlayRouter/blockchain-mapping-system

  30-31. Experiment
  Genesis block: Master holds 0/0 and 0::/0; 8 nodes
  1 - Allocate all /10
  2 - Allocate all /16
  3 - Allocate ~130k prefixes*
  *Extracted from RIR statistics exchange files, e.g. ftp://ftp.apnic.net/pub/stats/apnic/delegated-apnic-extended-latest

  32-33. Processed ~160k transactions (charts, labelled by phase: 1 - Allocate all /10, 2 - Allocate all /16, 3 - Allocate ~130k prefixes)


  36. Thanks for listening!

  37. Scalability
  Approx. 600 GB in 2034 (IP blocks + AS bindings)
  • One AS <> prefix binding for each block of /24 IPv4 address space
  • Growth similar to BGP churn*
  • Each transaction approx. 400 bytes
  • Only IP prefixes: worst case + BGP table growth*: approx. 40 GB in 20 years
  • With PoS, storage can be reduced
  *Source: http://www.potaroo.net/ispcol/2017-01/bgp2016.html

  38. Storage
  • Several mechanisms can help reduce storage, e.g.:
  – Prune old transactions
  – Download only headers (Bitcoin SPV*)
  – Discard old blocks
  • These techniques depend on the consensus algorithm
  *Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Sec. 8

  39. Transaction examples

  40. First transaction
  • Users trust the Public Key of the Root, which initially claims all address space by writing the genesis block
  • Root can delegate all address space to itself and use a different keypair
  Figure: Hash(P+root) = Root@1 → New Transaction "I own all the address space" → Root@2

  41. Prefix allocation and delegation
  • Root allocates blocks of addresses to other entities (identified by Hash(Public Key)) by adding transactions
  Figure: Root@2 → New Transaction "allocate" → 0.0/16 to Deleg1@, 25.5.5/8 to Deleg2@, (rest of space) to Root@3
  • Holders can further delegate address blocks to other entities
  Figure: Deleg1@ → New Transaction "delegate" → 0.0.1/24 to Deleg3@, 0.0.2/24 to Deleg4@, (rest of space) to Deleg1@2

  42. Writing AS bindings
  • Just like delegating a prefix, but instead of the new holder, we write the binding
  Figure: Deleg3@ → New Transaction "binding" → 0.0.1/24 from AS# 12345
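The transaction model of slides 40-42, replayed on the IANA → APNIC → ISP A walk-through of slides 15-20, as an added example that is not code from the slides or from the authors' Python prototype (Go's standard library is used because it ships Ed25519 signatures and prefix arithmetic). Each unspent block is a coin held by Hash(public key); a transaction spends one block and creates sub-blocks, and a node accepts it only if the signature verifies, the signer is the block's current holder, every output lies inside the spent block, and the outputs do not overlap. A delegation names a new holder; a binding keeps the holder and writes the AS number. The key pairs are constructed, the "rest of space" that IANA and APNIC keep is abbreviated to a single prefix each, and the Ledger, Apply and Lookup names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/netip"
)

// Output is one "coin": an address block held by the entity identified by
// Hash(public key), optionally bound to an AS number (ASN 0 = not bound).
type Output struct {
	Prefix netip.Prefix
	Holder string
	ASN    uint32
}

// Tx spends the unspent block Input and creates Outputs: a delegation names
// a new holder, a binding keeps the holder and writes the ASN (slide 42).
type Tx struct {
	Input   netip.Prefix
	Outputs []Output
	PubKey  ed25519.PublicKey
	Sig     []byte
}

func hashHex(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// signedBytes is the canonical encoding covered by the signature.
func signedBytes(tx Tx) []byte {
	s := tx.Input.String() + "|"
	for _, o := range tx.Outputs {
		s += fmt.Sprintf("%s,%s,%d;", o.Prefix, o.Holder, o.ASN)
	}
	return []byte(s)
}

func Sign(tx Tx, priv ed25519.PrivateKey) Tx {
	tx.PubKey, tx.Sig = priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, signedBytes(tx))
	return tx
}

func within(parent, child netip.Prefix) bool {
	return parent.Bits() <= child.Bits() && parent.Contains(child.Addr())
}

// Ledger is the FAQ's "separate data structure with only the current data":
// the unspent blocks keyed by prefix (they never overlap, so the key is unique).
type Ledger struct {
	Root string // Hash(root public key), trusted by every user (slide 40)
	UTXO map[netip.Prefix]Output
}

// NewLedger writes the genesis entry: the root claims all address space.
func NewLedger(rootPub ed25519.PublicKey) *Ledger {
	all, root := netip.MustParsePrefix("0.0.0.0/0"), hashHex(rootPub)
	return &Ledger{root, map[netip.Prefix]Output{all: {all, root, 0}}}
}

// Apply enforces: valid signature, signer is the input's current holder,
// every output lies inside the input, and outputs do not overlap.
func (l *Ledger) Apply(tx Tx) error {
	if len(tx.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(tx.PubKey, signedBytes(tx), tx.Sig) {
		return fmt.Errorf("bad signature")
	}
	in, ok := l.UTXO[tx.Input]
	if !ok || in.Holder != hashHex(tx.PubKey) {
		return fmt.Errorf("%s is unknown, already spent, or not held by the signer", tx.Input)
	}
	for i, o := range tx.Outputs {
		if !within(in.Prefix, o.Prefix) {
			return fmt.Errorf("output %s is not inside %s", o.Prefix, in.Prefix)
		}
		for _, p := range tx.Outputs[:i] {
			if p.Prefix.Overlaps(o.Prefix) {
				return fmt.Errorf("outputs %s and %s overlap", p.Prefix, o.Prefix)
			}
		}
	}
	delete(l.UTXO, tx.Input)
	for _, o := range tx.Outputs {
		l.UTXO[o.Prefix] = o
	}
	return nil
}

// Lookup answers "who has this prefix?" with the unspent block covering it.
func (l *Ledger) Lookup(prefix string) (Output, bool) {
	p, err := netip.ParsePrefix(prefix)
	for _, o := range l.UTXO {
		if err == nil && within(o.Prefix, p) {
			return o, true
		}
	}
	return Output{}, false
}

// Demo replays the slides' example with constructed keys: IANA allocates 1/8
// to APNIC (the rest it keeps is abbreviated to 128/1), APNIC delegates 1.2/16
// to ISP A (keeping 1.3/16), ISP A binds 1.2/16 to AS 12345. The delegation
// is returned so a caller can see a replay (double spend) rejected.
func Demo() (*Ledger, Tx, error) {
	ianaPub, iana, _ := ed25519.GenerateKey(rand.Reader)
	apnicPub, apnic, _ := ed25519.GenerateKey(rand.Reader)
	ispPub, isp, _ := ed25519.GenerateKey(rand.Reader)
	l, pfx := NewLedger(ianaPub), netip.MustParsePrefix
	txs := []Tx{
		Sign(Tx{Input: pfx("0.0.0.0/0"), Outputs: []Output{{pfx("1.0.0.0/8"), hashHex(apnicPub), 0}, {pfx("128.0.0.0/1"), l.Root, 0}}}, iana),
		Sign(Tx{Input: pfx("1.0.0.0/8"), Outputs: []Output{{pfx("1.2.0.0/16"), hashHex(ispPub), 0}, {pfx("1.3.0.0/16"), hashHex(apnicPub), 0}}}, apnic),
		Sign(Tx{Input: pfx("1.2.0.0/16"), Outputs: []Output{{pfx("1.2.0.0/16"), hashHex(ispPub), 12345}}}, isp),
	}
	for _, tx := range txs {
		if err := l.Apply(tx); err != nil {
			return nil, Tx{}, err
		}
	}
	return l, txs[1], nil
}
```

Lookup answers the slide-19 query: 1.2.3.0/24 resolves to the block held by ISP A and bound to AS 12345, 1.3.0.0/16 is still APNIC's and unbound, and 200.0.0.0/8 is still the root's. Re-submitting the delegation fails because 1/8 has already been spent, and altering any field of a signed transaction fails the signature check. Two limits of this toy are worth noting: because a binding or rekey re-creates the same prefix, an identical re-submission of one is accepted as a no-op (a per-transaction sequence number would close that), and a transaction whose outputs cover less than its input silently drops the remainder, which is what the explicit "(rest of space)" output on slide 41 avoids.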

  43. External server authentication
  • Some information may not be suitable for the blockchain, or changes so fast that it is already outdated when added to a block
  • A public key from an external server can also be included in the delegations
  • Since the blockchain provides authentication and integrity for this key, parties can use it to authenticate responses from the external server

  44. FAQ
  • Does it grow indefinitely?
  – Yes
  • Do all nodes have the same information?
  – Yes
  • When answering a query, do you have to search the entire blockchain?
  – No, you can create a separate data structure only with the current data
  • If I lose my private key, do I lose my prefixes also?
  – Yes, watch out!
