Validating IP Prefixes and AS-Paths with Blockchains

TL;DR

This paper proposes a blockchain-based system to validate IP prefixes and AS-paths, offering a passive, deployable solution that complements existing routing security measures without requiring changes to current protocols.

Contribution

It introduces a novel blockchain approach for resource validation that operates passively and can integrate with existing routing security systems.

Findings

Early results indicate promising scalability.

The system can validate IP prefixes and AS-paths without protocol modifications.

Potential to enhance routing security alongside current solutions.

Abstract

Networks (Autonomous Systems-AS) allocate or revoke IP prefixes with the intervention of official Internet resource number authorities, and select and advertise policy-compliant paths towards these prefixes using the inter-domain routing system and its primary enabler, the Border Gateway Protocol (BGP). Securing BGP has been a long-term objective of several research and industrial efforts during the last decades, that have culminated in the Resource Public Key Infrastructure (RPKI) for the cryptographic verification of prefix-to-AS assignments. However, there is still no widely adopted solution for securing IP prefixes and the (AS-)paths leading to them; approaches such as BGPsec have seen minuscule deployment. In this work, we design and implement a Blockchain-based system that (i) can be used to validate both of these resource types, (ii) can work passively and does not require any changes in the inter-domain routing system (BGP, RPKI), and (iii) can be combined with currently available systems for the detection and mitigation of routing attacks. We present early results and insights w.r.t. scalability.