A Blockchain-based Mapping System
IETF 98 – Chicago, March 2017
Jordi Paillissé, Albert Cabellos, Vina Ermagan, Fabio Maino
acabello@ac.upc.edu
http://openoverlayrouter.org
A short Blockchain tutorial
Blockchain - Introduction
• Blockchain = decentralized, secure and trustless database
• Blocks of data are added one after another
• Protected by two mechanisms:
 – Chain of signatures
 – Consensus algorithm
• First appeared in Bitcoin, to exchange money
• Many more applications are possible
Blockchain - Transactions (diagram)
A transaction carries: the sender's public key, the sender's signature and the Tx data.
1. Transactions are broadcast to all the nodes over the P2P network
2. A node collects transactions into a block (Block: Nonce, Prev. Hash, Transactions 1 ··· N)
3. The node computes the consensus algorithm (New Block: Nonce, Prev. Hash, Transactions 1 ··· N')
4. The node broadcasts the new block to the network
5. The other nodes verify the consensus algorithm and accept the block
Blockchain - Properties
• Decentralized: all nodes have the entire blockchain
• No prior trust required
• Decouples ownership from identity
• Append-only and immutable: added transactions cannot be modified
• Verifiable
"Blockchain Technology", Sutardja Center (UC Berkeley), http://scet.berkeley.edu/wp-content/uploads/BlockchainPaper.pdf
A Blockchain-based Mapping System: Overview
Basic Idea
• Objective: securely store:
 – EID prefix delegations (as in RPKI or DDT-ROOT)
 – EID-to-MS information (as in DDT)
 – EID-to-RLOC mappings (as in MS)
• Map Resolvers read the blockchain to find the mappings
• Idea: an EID is equivalent to a coin
 – Wallet: a set of EIDs
 – Transaction: delegating EIDs or binding them to a MS or a set of RLOCs
 – Blockchain: a public ledger of the transactions
A Blockchain-based Mapping System: Storing EID delegations and EID-to-RLOC mappings
(Diagram: blocks 0, 1, 2, ..., n, n+1, n+2 of the blockchain)
WRITE path:
 1. ROOT writes the genesis block and claims all EID space
 2. ROOT writes a prefix delegation to the EID-prefix owner
 3. The EID-prefix owner writes the EID-to-RLOC mapping
READ path (xTR and MR/MS with blockchain):
 1. Map-Request from the xTR
 2. The MR/MS fetches the mappings from the blockchain (EID-prefix -> RLOC1, RLOC2, RLOC3)
 3. Map-Reply to the xTR
A Blockchain-based Mapping System: Storing EID delegations and EID-to-MS information
(Diagram: blocks 0, 1, 2, ..., n, n+1, n+2 of the blockchain)
WRITE path:
 1. ROOT writes the genesis block and claims all EID space
 2. ROOT writes a prefix delegation to the EID-prefix owner
 3. The EID-prefix owner writes the EID-to-MS information
READ path (xTR, MR and MS; MS in proxy-mode, as an example):
 1. Map-Request from the xTR to the MR
 2. The MR fetches the EID-to-MS information from the blockchain and forwards the Map-Request to the MS
 3. Map-Reply to the xTR
Pros and Cons
Pros
• Infrastructure-less and decentralized
• Fast lookup
• Secure, without certs
 – Non-repudiation
 – Resilience
 – Integrity
 – Authentication
• No prior trust required
• Simple rekeying
Cons
• Challenges with incentives
• Slow updates
 – Mappings can be stored in a MS, then performance is as fast as DDT
• Costly bootstrapping
• Large storage required
(Can be mitigated using a dedicated chain)
Comparison with LISP-DDT
(Diagram: LISP-DDT: Root -> DDT1, DDT2 -> MS1.1, MS1.2, MS2.1. Blockchain: Node 1, Node 2, …, Node N, each holding the chain -> MS1.1, MS1.2, MS2.1)
LISP-DDT
 + Fast update, dynamic mappings
 - Manual configuration
Blockchain
 + Less infrastructure
 + No certificates
 + Fast queries
 - Large storage required
 - Update mappings slow (store mappings in MS: same performance as MS)
Issues with RPKI
| | RPKI | Blockchain |
| Anonymity [1] | Prefixes linked to owner name | Prefixes linked to a public key |
| Revocation | Performed by CAs or impossible | Performed automatically (validity time) |
| Certificate management [2] | Complex | No certificates |
[1] Wählisch, Matthias, et al. "RiPKI: The tragic story of RPKI deployment in the Web ecosystem." Proceedings of the 14th ACM Workshop on Hot Topics in Networks. ACM, 2015.
[2] George, Wes. "Adventures in RPKI (non) Deployment." NANOG, 2014.
Scalability
Approx. 600 GB in 2034
• One mapping for each block of /24 IPv4 address space
• Growth similar to BGP churn*
• Prefix delegation + mappings
• Each transaction approx. 400 bytes
• Only prefixes: approx. 40 GB in 20 years (worst case + BGP table growth*)
*Source: http://www.potaroo.net/ispcol/2017-01/bgp2016.html
A Blockchain-based Mapping System: Transactions
First transaction
• Map-Resolvers trust the public key of the Root, which initially claims all EID space by writing the genesis block
• Root can delegate all EID space to itself and use a different keypair
(Diagram: New Transaction from Root@1 = Hash(P+ root) to Root@2: "I own all the address space")
Prefix delegation
• Root delegates EID-prefixes to other entities (identified by Hash(Public Key)) by adding transactions
(Diagram: New Transaction from Root@2, "delegate": 0.0/16 -> Deleg1@; 25.5.5/8 -> Deleg2@; rest of space -> Root@3)
• Owners can further delegate address blocks to other entities or write MS addresses (and the MS's public key)
(Diagram: New Transaction from Deleg1@, "delegate": 0.0.1/24 -> Deleg3@; 0.0.2/24 -> MS@ and P+; rest of space -> Deleg1@2)
Writing mappings
• Just like delegating a prefix, but instead of the Map Server address, we write the mapping
(Diagram: New Transaction from Deleg3@, "mapping": 0.0.1/24 is at RLOC1)
Rekeying
• Delegating the owned EID-prefixes to itself using a new key set
• Simpler than traditional rekeying schemes
• Can be performed independently, i.e. each owner can do it without affecting other owners
• Same procedure for mappings
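The delegation, ownership-check and rekeying rules from the last four slides, as an added example (this is not code from the slides or from OpenOverlayRouter). It assumes Ed25519 signatures, SHA-256 for Hash(Public Key), a fixed "prefix delegate owner" payload format and IPv4-only prefixes; a Map-Resolver replays accepted transactions to build the prefix-to-owner state it then reads.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"net/netip"
)

// OwnerID is the entity identifier used on the slides: Hash(Public Key).
func OwnerID(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:])
}

// Tx mirrors the slide's transaction: sender public key, signature, data.
type Tx struct {
	Prefix netip.Prefix // EID-prefix being delegated
	To     string       // new owner's OwnerID (the sender's own new key when rekeying)
	Pub    ed25519.PublicKey
	Sig    []byte
}

// payload is the signed data; format is an assumption of this example.
func (t Tx) payload() []byte { return []byte(t.Prefix.String() + " delegate " + t.To) }

// Sign fills in the sender's public key and its signature over the payload.
func Sign(priv ed25519.PrivateKey, t Tx) Tx {
	t.Pub = priv.Public().(ed25519.PublicKey)
	t.Sig = ed25519.Sign(priv, t.payload())
	return t
}

// Ledger is the state a Map-Resolver derives by replaying the chain.
type Ledger struct{ Owner map[netip.Prefix]string }

// NewLedger models the genesis block: Root claims the whole EID space.
func NewLedger(root ed25519.PublicKey) *Ledger {
	return &Ledger{Owner: map[netip.Prefix]string{netip.MustParsePrefix("0.0.0.0/0"): OwnerID(root)}}
}

// Apply accepts a delegation only if the signature verifies and the signer currently
// owns a prefix covering the delegated one (a tampered or non-owner tx is rejected).
func (l *Ledger) Apply(t Tx) bool {
	if !ed25519.Verify(t.Pub, t.payload(), t.Sig) {
		return false
	}
	from := OwnerID(t.Pub)
	for p, o := range l.Owner {
		if o == from && p.Bits() <= t.Prefix.Bits() && p.Contains(t.Prefix.Addr()) {
			l.Owner[t.Prefix.Masked()] = t.To
			return true
		}
	}
	return false
}
```

Rekeying is just a delegation of the owned prefix to the OwnerID of the new key; afterwards transactions signed with the old key own nothing and are rejected.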
Map-Reply Authentication
• The MS public key can also be included in the delegations
• Since the blockchain provides authentication and integrity for this key, MRs can use it to verify Map-Replies
(Diagram: xTR, MR and MS)
 1. Map-Request from the xTR to the MR
 2. The MR retrieves the MS RLOC and the MS's public key from the blockchain
 3. Map-Request from the MR to the MS
 4. Signed Map-Reply from the MS (signed with the MS's private key)
 5. The MR verifies the signature
 6. Map-Reply to the xTR
A Blockchain-based Mapping System: Prototyping
Design considerations
• Bitcoin is too restrictive:
 – Only for money transfer
 – Huge blockchain file size (approx. 100 GB)
 – High bootstrap time (several days*)
 – Low throughput (7 transactions/sec.)
• New blockchain technologies:
 – More scalable
 – Smart contracts
*depends on connection speed
Dedicated chain
• Public (anyone can use it) but dedicated (only for mappings)
• Stores:
 – Prefix delegations – replaces DDT ROOT
 – EID-to-MS information – replaces DDT-Nodes
 – EID-to-RLOC mappings (if you don't expect many updates) – the xTR does NOT need a Map-Server
• We plan to deploy it in LISP-Beta
Prototype
(Diagram: new mappings are validated through the Java SDK and written to the Hyperledger P2P network; LISP Flow Mappings reads the mappings from the chain and answers the xTR's Map-Request with a Map-Reply)