Decentralized trust in the inter-domain routing infrastructure

Inter-domain routing security is of critical importance to the Internet since it prevents unwanted traffic redirections. The current system is based on a Public Key Infrastructure (PKI), a centralized repository of digital certificates. However, the inherent centralization of such design creates tensions between its participants and hinders its deployment. In addition, some technical drawbacks of PKIs delay widespread adoption. In this paper we present IPchain, a blockchain to store the allocations and delegations of IP addresses. IPchain leverages blockchains' properties to decentralize trust among its participants, with the final goal of providing flexible trust models that adapt better to the ever-changing geopolitical landscape. Moreover, we argue that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case, and that blockchains offer relevant technical advantages when compared to existing systems, such as simplified management. In order to show its feasibility and suitability, we have implemented and evaluated IPchain's performance and scalability storing around 350k IP prefixes in a 2.5 GB chain.Peer ReviewedPostprint (published version

Investigating the Potential of the Inter-IXP Multigraph for the Provisioning of Guaranteed End-to-End Services

In this work, we propose utilizing the rich connectivity between IXPs and ISPs for inter-domain path stitching, supervised by centralized QoS brokers. In this context, we highlight a novel abstraction of the Internet topology, i.e., the inter-IXP multigraph composed of IXPs and paths crossing the domains of their shared member ISPs. This can potentially serve as a dense Internet-wide substrate for provisioning guaranteed end-to-end (e2e) services with high path diversity and global IPv4 address space reach. We thus map the IXP multigraph, evaluate its potential, and introduce a rich algorithmic framework for path stitching on such graph structures.Comment: Proceedings of ACM SIGMETRICS '15, pages 429-430, 1/1/2015. arXiv admin note: text overlap with arXiv:1611.0264

Icebergs in the Clouds: the Other Risks of Cloud Computing

Cloud computing is appealing from management and efficiency perspectives, but brings risks both known and unknown. Well-known and hotly-debated information security risks, due to software vulnerabilities, insider attacks, and side-channels for example, may be only the "tip of the iceberg." As diverse, independently developed cloud services share ever more fluidly and aggressively multiplexed hardware resource pools, unpredictable interactions between load-balancing and other reactive mechanisms could lead to dynamic instabilities or "meltdowns." Non-transparent layering structures, where alternative cloud services may appear independent but share deep, hidden resource dependencies, may create unexpected and potentially catastrophic failure correlations, reminiscent of financial industry crashes. Finally, cloud computing exacerbates already-difficult digital preservation challenges, because only the provider of a cloud-based application or service can archive a "live," functional copy of a cloud artifact and its data for long-term cultural preservation. This paper explores these largely unrecognized risks, making the case that we should study them before our socioeconomic fabric becomes inextricably dependent on a convenient but potentially unstable computing model.Comment: 6 pages, 3 figure

Interdomain routing and games

We present a game-theoretic model that captures many of the intricacies of \emph{interdomain routing} in today's Internet. In this model, the strategic agents are source nodes located on a network, who aim to send traffic to a unique destination node. The interaction between the agents is dynamic and complex -- asynchronous, sequential, and based on partial information. Best-reply dynamics in this model capture crucial aspects of the only interdomain routing protocol de facto, namely the Border Gateway Protocol (BGP). We study complexity and incentive-related issues in this model. Our main results are showing that in realistic and well-studied settings, BGP is incentive-compatible. I.e., not only does myopic behaviour of all players \emph{converge} to a ``stable'' routing outcome, but no player has motivation to unilaterally deviate from the protocol. Moreover, we show that even \emph{coalitions} of players of \emph{any} size cannot improve their routing outcomes by collaborating. Unlike the vast majority of works in mechanism design, our results do not require any monetary transfers (to or by the agents).Interdomain Routing; Network Games; BGP protocol;

The State of Network Neutrality Regulation

The Network Neutrality (NN) debate refers to the battle over the design of a regulatory framework for preserving the Internet as a public network and open innovation platform. Fueled by concerns that broadband access service providers might abuse network management to discriminate against third party providers (e.g., content or application providers), policymakers have struggled with designing rules that would protect the Internet from unreasonable network management practices. In this article, we provide an overview of the history of the debate in the U.S. and the EU and highlight the challenges that will confront network engineers designing and operating networks as the debate continues to evolve.BMBF, 16DII111, Verbundprojekt: Weizenbaum-Institut für die vernetzte Gesellschaft - Das Deutsche Internet-Institut; Teilvorhaben: Wissenschaftszentrum Berlin für Sozialforschung (WZB)EC/H2020/679158/EU/Resolving the Tussle in the Internet: Mapping, Architecture, and Policy Making/ResolutioNe