Validating IP Prefixes and AS-Paths with Blockchains

Abstract

Networks (Autonomous Systems-AS) allocate or revoke IP prefixes with the intervention of official Internet resource number authorities, and select and advertise policy-compliant paths towards these prefixes using the inter-domain routing system and its primary enabler, the Border Gateway Protocol (BGP). Securing BGP has been a long-term objective of several research and industrial efforts during the last decades, that have culminated in the Resource Public Key Infrastructure (RPKI) for the cryptographic verification of prefix-to-AS assignments. However, there is still no widely adopted solution for securing IP prefixes and the (AS-)paths leading to them; approaches such as BGPsec have seen minuscule deployment. In this work, we design and implement a Blockchain-based system that (i) can be used to validate both of these resource types, (ii) can work passively and does not require any changes in the inter-domain routing system (BGP, RPKI), and (iii) can be combined with currently available systems for the detection and mitigation of routing attacks. We present early results and insights w.r.t. scalability.