research-article

The Internet Blockchain: A Distributed, Tamper-Resistant Transaction Framework for the Internet

Authors:
Adiseshu Hari

Nokia Bell Labs

Nokia Bell Labs
View Profile

,
T. V. Lakshman

Nokia Bell Labs

Nokia Bell Labs
View Profile

HotNets '16: Proceedings of the 15th ACM Workshop on Hot Topics in NetworksNovember 2016Pages 204–210https://doi.org/10.1145/3005745.3005771

Published:09 November 2016Publication History

HotNets '16: Proceedings of the 15th ACM Workshop on Hot Topics in Networks

Pages 204–210

ABSTRACT

Existing security mechanisms for managing the Internet infrastructural resources like IP addresses, AS numbers, BGP advertisements and DNS mappings rely on a Public Key Infrastructure (PKI) that can be potentially compromised by state actors and Advanced Persistent Threats (APTs). Ideally the Internet infrastructure needs a distributed and tamper-resistant resource management framework which cannot be subverted by any single entity. A secure, distributed ledger enables such a mechanism and the blockchain is the best known example of distributed ledgers.

In this paper, we propose the use of a blockchain based mechanism to secure the Internet BGP and DNS infrastructure. While the blockchain has scaling issues to be overcome, the key advantages of such an approach include the elimination of any PKI-like root of trust, a verifiable and distributed transaction history log, multi-signature based authorizations for enhanced security, easy extensibility and scriptable programmability to secure new types of Internet resources and potential for a built in cryptocurrency. A tamper resistant DNS infrastructure also ensures that it is not possible for the application level PKI to spoof HTTPS traffic.

References

1.7 Transactions Per Second? Really? http://hashingit.com/analysis/33-7-transactions-per-second.Google Scholar
2.BGPSec Protocol Specification. https://tools.ietf.org/html/draft-ietf-sidr-bgpsec-protocol-17.Google Scholar
3.Bitcoin Mining Pools. http://www.nytimes.com/2016/07/03/business/dealbook/bitcoin-china.html?_r=0.Google Scholar
4.Bitcoin Scalability. https://en.bitcoin.it/wiki/Scalability.Google Scholar
5.DNS Security Extensions. https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions.Google Scholar
6.Hashgraph. http://www.swirlds.com/wp-content/uploads/2016/06/2016-05-31-Overview-of-Swirlds-Hashgraph-1.pdf.Google Scholar
7.IBM ADEPT. http://www-935.ibm.com/services/multimedia/GBE03662USEN.pdf.Google Scholar
8.IETF DANE WG. https://datatracker.ietf.org/wg/dane/charter/.Google Scholar
9.NameCoin. https://namecoin.info.Google Scholar
10.Nuage Networks. http://www.nuagenetworks.net.Google Scholar
11.Payment Channels. https://en.bitcoin.it/wiki/Payment_channels.Google Scholar
12.Secure BGP Deployment Final Report. http://transition.fcc.gov/bureaus/pshs/advisory/csric3/CSRIC_III_WG6_Report_March_202013.pdf.Google Scholar
13.The BGP Instability Report. http://bgpupdates.potaroo.net/instability/bgpupd.html.Google Scholar
14.The Ethereum Project. www.ethereum.org.Google Scholar
15.The Hyperledger Project. https://en.wikipedia.org/wiki/Hyperledger.Google Scholar
16.University of Oregon Route Views Project. www.routeviews.org.Google Scholar
17.Adam Back et. al. Enabling Blockchain Innovations with Pegged Sidechains. https://blockstream.com/sidechains.pdf.Google Scholar
18.M. Ali, J. Nelson, R. Shea, and M. J. Freedman. Blockstack: A Global Naming and Storage System Secured by Blockchains. In 2016 USENIX Annual Technical Conference (USENIX ATC 16), pages 181–194, Denver, CO, June 2016. USENIX Association.Google Scholar
19.Arvind Narayanan et.al. Bitcoin and Cryptocurrency Technologies. https://d28rh4a8wq0iu5.cloudfront.net/bitcointech/readings/princeton_bitcoin_book.pdf?a=1. Google ScholarDigital Library
20.J. Bailey, D. Pemberton, A. Linton, C. Pelsser, and R. Bush. Enforcing RPKI-based Routing Policy on the Data Plane at an Internet Exchange. In Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, HotSDN '14. Google ScholarDigital Library
21.M. Castro and B. Liskov. Practical Byzantine Fault Tolerance. OSDI '99, 1999. Google ScholarDigital Library
22.C. Decker, J. Seidel, and R. Wattenhofer. Bitcoin Meets Strong Consistency. In Proceedings of the 17th International Conference on Distributed Computing and Networking, pages 13:1–13:10, 2016. Google ScholarDigital Library
23.Eleftherios Kokoris Kogias et. al. Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing. In 25th USENIX Security Symposium (USENIX Security 16), pages 279–296, 2016.Google Scholar
24.A. Elmokashfi and A. Dhamdhere. Revisiting BGP Churn Growth. ACM SIGCOMM Computer Communication Review, 44(1), 2013. Google ScholarDigital Library
25.I. Eyal, A. E. Gencer, E. G. Sirer, and R. Van Renesse. Bitcoin-NG: A scalable blockchain protocol. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16), pages 45–59, 2016. Google ScholarDigital Library
26.S. Goldberg. Why Is It Taking So Long To Secure Internet Routing? Communications of the ACM, 57(10):56–63, 2014. Google ScholarDigital Library
27.A. Gupta, N. Feamster, and L. Vanbever. Authorizing Network Control at Software Defined Internet Exchange Points. 2016.Google Scholar
28.D. Gupta, A. Segal, A. Panda, G. Segev, M. Schapira, J. Feigenbaum, J. Rexford, and S. Shenker. A New Approach to Interdomain Routing Based on Secure Multi-Party Computation. Hotnets'12. Google ScholarDigital Library
29.Gupta, Arpit et. al. SDX: a software defined internet exchange. ACM SIGCOMM Computer Communication Review, 44(4):551–562, 2015. Google ScholarDigital Library
30.A. Haeberlen. NetReview: Detecting When Interdomain Routing Goes Wrong. NSDI, 2009. Google ScholarDigital Library
31.E. Heilman, D. Cooper, L. Reyzin, and S. Goldberg. From the consent of the routed: Improving the transparency of the rpki. ACM SIGCOMM Computer Communication Review, 44(4):51–62, 2015. Google ScholarDigital Library
32.L. Lamport. The Part-Time Parliament. ACM Transactions on Computer Systems, 16(2), 1998. Google ScholarDigital Library
33.M. Lepinski et. al. A Profile for Route Origin Authorizations (ROAs). RFC 6482 (Proposed Standard), 2012.Google Scholar
34.M. Lepinski et. al. An Infrastructure to Support Secure Internet Routing. RFC 6480 (Informational), 2012.Google Scholar
35.S. Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System. https://bitcoin.org/bitcoin.pdf.Google Scholar

Recommendations

Securing the Internet's Routing Infrastructure

Experts have been concerned about the security of the Internet's routing infrastructure, which was designed many years ago. Now, organizations are developing proposals to secure the infrastructure.

Read More
A blockchain-based certificate revocation management and status verification system
Abstract
Revocation management is one of the main tasks of the Public Key Infrastructure (PKI). It is also critical to the security of any PKI. As a result of the increase in the number and sizes of networks as well as the adoption of novel ...
Read More
Efficient hybrid centralized and blockchain-based authentication architecture for heterogeneous IoT systems
Abstract
With the rapid increase in the number of Internet of Things (IoT) devices in recent years, massive amounts of sensitive IoT data are being generated and transmitted over the Internet. Despite its growing adoption in various fields, IoT ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
HotNets '16: Proceedings of the 15th ACM Workshop on Hot Topics in Networks
November 2016
217 pages
ISBN:9781450346610
DOI:10.1145/3005745
General Chair:
Ellen Zegura
Georgia Tech
,
Program Chairs:
Bryan Ford
EPFL
,
Alex C. Snoeren
UC San Diego
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 9 November 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
BGPSec
Blockchain
DNSSEC
Security
Qualifiers
- research-article
Conference

Acceptance Rates
HotNets '16 Paper Acceptance Rate30of108submissions,28%Overall Acceptance Rate110of460submissions,24%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 77
  Total Citations
  View Citations
- 3,956
  Total Downloads
- Downloads (Last 12 months)57
- Downloads (Last 6 weeks)14
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

The Internet Blockchain: A Distributed, Tamper-Resistant Transaction Framework for the Internet

HotNets '16: Proceedings of the 15th ACM Workshop on Hot Topics in Networks

ABSTRACT

References

Cited By

Recommendations

Securing the Internet's Routing Infrastructure

A blockchain-based certificate revocation management and status verification system

Efficient hybrid centralized and blockchain-based authentication architecture for heterogeneous IoT systems