DOI: 10.1145/3472951.3473503

Global Distributed Secure Mapping of Network Addresses

Published: 23 August 2021

Abstract

Next-generation Internet architectures are being designed and deployed to overcome limitations of today's Internet. One such architecture with an increasing production deployment is SCION [23], which also includes a transition mechanism to support an incremental deployment and coexistence with the legacy IP-based Internet: the SCION-IP gateway. This mechanism (and similar mechanisms in other next-generation architectures) requires a distributed system to translate between old (IP) and new (SCION) addresses at an Internet scale and must connect the different public-key infrastructures to enable secure operation.
In this paper, we describe such a system for the SCION architecture. A gossip protocol distributes mappings between legacy IP and SCION addresses throughout the SCION network, and SCION's control-plane PKI and the Resource Public Key Infrastructure (RPKI) protect the authenticity of the individual mappings. We provide a prototype implementation and demonstrate that it scales to today's Internet with approximately one million IP prefixes.

References

[1] Anapaya Systems. 2021. SCION-Internet: The New Way To Connect. https://www.anapaya.net/scion-the-new-way-to-connect.
[2] Cristina Basescu, Raphael M. Reischuk, Pawel Szalachowski, Adrian Perrig, Yao Zhang, Hsu-Chun Hsiao, Ayumu Kubota, and Jumpei Urakawa. 2016. SIBRA: Scalable Internet Bandwidth Reservation Architecture. In Proceedings of the Symposium on Network and Distributed Systems Security (NDSS).
[3] Tony Bates. 2021. CIDR Report. https://www.cidr-report.org/as2.0/.
[4] Béla Bollobás and W Fernandez De La Vega. 1982. The diameter of random regular graphs. Combinatorica 2, 2 (1982), 125–134.
[5] R. Bush. 2014. Origin Validation Operation Based on the Resource Public Key Infrastructure (RPKI). RFC 7115. https://doi.org/10.17487/RFC7115
[6] Jon Crowcroft, Steven Hand, Richard Mortier, Timothy Roscoe, and Andrew Warfield. 2003. Plutarch: An Argument for Network Pluralism. Computer Communication Review 33 (01 2003), 258–266. https://doi.org/10.1145/972426.944763
[7] Alberto Dainotti, Claudio Squarcella, Emile Aben, Kimberly C Claffy, Marco Chiesa, Michele Russo, and Antonio Pescapé. 2011. Analysis of country-wide Internet outages caused by censorship. In Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC). 1–18.
[8] Varun Deshpande, Hakim Badis, and Laurent George. 2018. BTCmap: Mapping Bitcoin Peer-to-Peer Network Topology. In IFIP/IEEE International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN). 1–6. https://doi.org/10.23919/PEMWN.2018.8548904
[9] D. Dolev and A. Yao. 1983. On the security of public key protocols. IEEE Transactions on Information Theory 29, 2 (March 1983), 198–208.
[10] Dan Goodin. 2018. Google goes down after major BGP mishap routes traffic through China. https://arstechnica.com/information-technology/2018/11/major-bgp-mishap-takes-down-google-as-traffic-improperly-travels-to-china/.
[11] Google. 2021. Certificate Transparency: How CT works. https://certificate.transparency.dev/howctworks/.
[12] Gideon Greenspan. 2015. Avoiding the pointless blockchain project. https://www.multichain.com/blog/2015/11/avoiding-pointless-blockchain-project/, archived at https://perma.cc/GW53-2U9H.
[13] Cristian Hesselman, Paola Grosso, Ralph Holz, Fernando Kuipers, Janet Hui Xue, Mattijs Jonker, Joeri de Ruiter, Anna Sperotto, Roland van Rijswijk-Deij, Giovane C. M. Moura, Aiko Pras, and Cees de Laat. 2020. A Responsible Internet to Increase Trust in the Digital World. Journal of Network and Systems Management 28, 4 (2020), 882–922. https://doi.org/10.1007/s10922-020-09564-7
[14] P. Hoffman and J. Schlyter. 2012. The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698. https://doi.org/10.17487/RFC6698
[15] Jonghoon Kwon, Juan A. García-Pardo, Markus Legner, François Wirz, Matthias Frei, David Hausheer, and Adrian Perrig. 2020. SCIONLab: A Next-Generation Internet Testbed. In Proceedings of the IEEE Conference on Network Protocols (ICNP).
[16] M. Lepinski and S. Kent. 2012. An Infrastructure to Support Secure Internet Routing. RFC 6480. https://doi.org/10.17487/RFC6480
[17] Ang Li, Xin Liu, and Xiaowei Yang. 2011. Bootstrapping Accountability in the Internet We Have. In USENIX Symposium on Networked Systems Design and Implementation (NSDI). https://www.usenix.org/conference/nsdi11/bootstrapping-accountability-internet-we-have
[18] Pat Litke and Joe Stewart. 2014. BGP Hijacking for Cryptocurrency Profit. https://www.secureworks.com/research/bgp-hijacking-for-cryptocurrency-profit.
[19] Xin Liu, Ang Li, Xiaowei Yang, and David Wetherall. 2008. Passport: Secure and Adoptable Source Authentication. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI). USENIX Association, San Francisco, CA. https://www.usenix.org/conference/nsdi-08/passport-secure-and-adoptable-source-authentication
[20] James McCauley, Yotam Harchol, Aurojit Panda, Barath Raghavan, and Scott Shenker. 2019. Enabling a Permanent Revolution in Internet Architecture. In Proceedings of the ACM Special Interest Group on Data Communication (Beijing, China) (SIGCOMM '19). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3341302.3342075
[21] George G. Michaelson, Geoff Huston, Tom Harrison, Tim Bruijnzeels, and Martin Hoffmann. 2021. A profile for Resource Tagged Attestations (RTAs). Internet-Draft draft-ietf-sidrops-rpki-rta-00. Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-rta-00 Work in Progress.
[22] Network Security Group, ETH Zurich. 2021. SCIONLab. https://www.scionlab.org/.
[23] Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, and Laurent Chuat. 2017. SCION: A Secure Internet Architecture. Springer. https://doi.org/10.1007/978-3-319-67080-5
[24] Benjamin Rothenberger, Dominik Roos, Markus Legner, and Adrian Perrig. 2020. PISKES: Pragmatic Internet-Scale Key-Establishment System. In Proceedings of the ACM Asia Conference on Computer and Communications Security (ASIACCS). https://doi.org/10.1145/3320269.3384743
[25] Stephen Shirley. 2019. SCION ISD and AS numbering. https://github.com/scionproto/scion/wiki/ISD-and-AS-numbering.
[26] Aftab Siddiqui. 2021. A Major BGP Hijack by AS55410-Vodafone Idea Ltd. https://www.manrs.org/2021/04/a-major-bgp-hijack-by-as55410-vodafone-idea-ltd/.
[27] Mansi Sood and Osman Yagan. 2020. Tight Bounds for Connectivity of Random K-out Graphs. arXiv:2006.10638 [cs.IT]
[28] Supraja Sridhara. 2021. SCION open-source implementation including SIAM components. https://github.com/suprajasridhara/scion/tree/siam.
[29] Swisscom AG. 2021. Enhancing WAN connectivity and services for Swiss organisations with the next-generation internet. https://www.swisscom.ch/en/business/enterprise/downloads/security/international-connectivity-business.html.
[30] Andree Toonk. 2017. BGP leak causing Internet outages in Japan and beyond. https://web.archive.org/web/20170828092034/https://bgpmon.net/bgp-leak-causing-internet-outages-in-japan-and-beyond/.
[31] Brian Trammell, Jean-Pierre Smith, and Adrian Perrig. 2018. Adding path awareness to the Internet architecture. IEEE Internet Computing 22, 2 (2018), 96–102.

Cited By

  • (2023) Game Analysis and Optimization for Evolutionary Dynamic Heterogeneous Redundancy. IEEE Transactions on Network and Service Management 20:4 (4186-4197). DOI: 10.1109/TNSM.2023.3275986. Online publication date: 15-May-2023
  • (2023) Existence and Size of the Giant Component in Inhomogeneous Random K-Out Graphs. IEEE Transactions on Information Theory 69:12 (8081-8096). DOI: 10.1109/TIT.2023.3325765. Online publication date: 19-Oct-2023

Published In

TAURIN'21: Proceedings of the ACM SIGCOMM 2021 Workshop on Technologies, Applications, and Uses of a Responsible Internet
August 2021
41 pages
ISBN:9781450386395
DOI:10.1145/3472951
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. PKI
  2. RPKI
  3. accountability
  4. address mapping
  5. distributed system
  6. gossip protocols
  7. network security
  8. responsible Internet

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

SIGCOMM '21
Sponsor:
SIGCOMM '21: ACM SIGCOMM 2021 Conference
August 23, 2021
Virtual Event, USA

Article Metrics

  • Downloads (Last 12 months): 25
  • Downloads (Last 6 weeks): 2
Reflects downloads up to 25 Dec 2024
