Abstract
The Internet lacking accountability suffers from IP address spoofing, prefix hijacking, and DDoS attacks. Global PKI-based accountable network involves harmful centralized authority abuse and complex certificate management. The inherently accountable network with self-certifying addresses is incompatible with the current Internet and faces the difficulty of revoking and updating keys. This study presents DIIA, a blockchain-based decentralized infrastructure to provide accountability for the current Internet. Specifically, DIIA designs a public-permissioned blockchain called TIPchain to act as a decentralized trust anchor, allowing cryptographic authentication of IP addresses without any global trusted authority. DIIA also proposes the revocable trustworthy IP address bound to the cryptographic key, which supports automatic key renewal and efficient key revocation and eliminates complexity certificate management. We present several security mechanisms based on DIIA to show how DIIA can help to enhance network layer security. We also implement a prototype system and experiment with real-world data. The results demonstrate the feasibility and suitability of our work in practice.
Highlights
Accountability in the network is a means to identify the sources of traffic for two purposes: to selectively filter abusive or noncompliant traffic from malicious sources on a perdestination basis, while permitting traffic from others to proceed, and to report and disconnect abusive machines before they attack others [1]. e lack of accountability in current Internet architecture facilitates malicious or infected hosts arbitrarily spoof their source addresses to evade responsibility for their malicious packets [2]. e spoofed IP source renders the trigger of distributed denial of service (DDoS) attacks concealed [3]
We present Decentralized Infrastructure for Internet Accountability (DIIA), a blockchain-based decentralized infrastructure for achieving accountability on the current Internet
DIIA is built from the Identity-based cryptography (IBC) mechanism but does not introduce any global trusted authority
Summary
Accountability in the network is a means to identify the sources of traffic for two purposes: to selectively filter abusive or noncompliant traffic from malicious sources on a perdestination basis, while permitting traffic from others to proceed, and to report and disconnect abusive machines before they attack others [1]. e lack of accountability in current Internet architecture facilitates malicious or infected hosts arbitrarily spoof their source addresses to evade responsibility for their malicious packets [2]. e spoofed IP source renders the trigger of distributed denial of service (DDoS) attacks concealed [3]. Ird, Security and Communication Networks certificate management brings additional complexity and costs, which further limits the scalability and deployability of the infrastructure To address these problems, researchers propose the selfcertifying address to achieve accountability [13, 14]. DIIA employs and extends the IBC mechanism to cryptographically authenticate IP addresses and prefixes without introducing any global trusted authority. It provides trusted domain isolation and autonomous control of key distribution of the IP addresses under the jurisdiction of each domain. Without any global trusted authority, DIIA provides autonomous, efficient, and secure key management for large-scale Internet endpoints.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
