Abstract

The Internet lacking accountability suffers from IP address spoofing, prefix hijacking, and DDoS attacks. Global PKI-based accountable network involves harmful centralized authority abuse and complex certificate management. The inherently accountable network with self-certifying addresses is incompatible with the current Internet and faces the difficulty of revoking and updating keys. This study presents DIIA, a blockchain-based decentralized infrastructure to provide accountability for the current Internet. Specifically, DIIA designs a public-permissioned blockchain called TIPchain to act as a decentralized trust anchor, allowing cryptographic authentication of IP addresses without any global trusted authority. DIIA also proposes the revocable trustworthy IP address bound to the cryptographic key, which supports automatic key renewal and efficient key revocation and eliminates complexity certificate management. We present several security mechanisms based on DIIA to show how DIIA can help to enhance network layer security. We also implement a prototype system and experiment with real-world data. The results demonstrate the feasibility and suitability of our work in practice.

Highlights

  • Accountability in the network is a means to identify the sources of traffic for two purposes: to selectively filter abusive or noncompliant traffic from malicious sources on a perdestination basis, while permitting traffic from others to proceed, and to report and disconnect abusive machines before they attack others [1]. e lack of accountability in current Internet architecture facilitates malicious or infected hosts arbitrarily spoof their source addresses to evade responsibility for their malicious packets [2]. e spoofed IP source renders the trigger of distributed denial of service (DDoS) attacks concealed [3]

  • We present Decentralized Infrastructure for Internet Accountability (DIIA), a blockchain-based decentralized infrastructure for achieving accountability on the current Internet

  • DIIA is built from the Identity-based cryptography (IBC) mechanism but does not introduce any global trusted authority

Read more

Summary

Introduction

Accountability in the network is a means to identify the sources of traffic for two purposes: to selectively filter abusive or noncompliant traffic from malicious sources on a perdestination basis, while permitting traffic from others to proceed, and to report and disconnect abusive machines before they attack others [1]. e lack of accountability in current Internet architecture facilitates malicious or infected hosts arbitrarily spoof their source addresses to evade responsibility for their malicious packets [2]. e spoofed IP source renders the trigger of distributed denial of service (DDoS) attacks concealed [3]. Ird, Security and Communication Networks certificate management brings additional complexity and costs, which further limits the scalability and deployability of the infrastructure To address these problems, researchers propose the selfcertifying address to achieve accountability [13, 14]. DIIA employs and extends the IBC mechanism to cryptographically authenticate IP addresses and prefixes without introducing any global trusted authority. It provides trusted domain isolation and autonomous control of key distribution of the IP addresses under the jurisdiction of each domain. Without any global trusted authority, DIIA provides autonomous, efficient, and secure key management for large-scale Internet endpoints.

Related Work
Problem Statement
Background
TIPchain Design
Use of DIIA
Experiment and Evaluation
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.