-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
20 changed files
with
542 additions
and
84 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,385 @@ | ||
<!DOCTYPE html> | ||
<html lang="en"> | ||
|
||
<head> | ||
<meta charset="UTF-8"> | ||
<meta name="viewport" | ||
content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"> | ||
<meta http-equiv="X-UA-Compatible" content="ie=edge"> | ||
|
||
<meta name="author" content="Simba"> | ||
|
||
|
||
|
||
|
||
|
||
<title>RPKI IPchain (PaperReading) | Simba's Homepage</title> | ||
|
||
|
||
|
||
<link rel="icon" href="/favicon.ico"> | ||
|
||
|
||
|
||
|
||
<!-- stylesheets list from _config.yml --> | ||
|
||
<link rel="stylesheet" href="/css/style.css"> | ||
|
||
|
||
|
||
|
||
<!-- scripts list from _config.yml --> | ||
|
||
<script src="/js/script.js"></script> | ||
|
||
<script src="/js/tocbot.min.js"></script> | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<meta name="generator" content="Hexo 6.3.0"></head> | ||
|
||
<body> | ||
<script> | ||
// this function is used to check current theme before page loaded. | ||
(() => { | ||
const currentTheme = window.localStorage && window.localStorage.getItem('theme') || ''; | ||
const isDark = currentTheme === 'dark'; | ||
const pagebody = document.getElementsByTagName('body')[0] | ||
if (isDark) { | ||
pagebody.classList.add('dark-theme'); | ||
// mobile | ||
document.getElementById("mobile-toggle-theme").innerText = "· Dark" | ||
} else { | ||
pagebody.classList.remove('dark-theme'); | ||
// mobile | ||
document.getElementById("mobile-toggle-theme").innerText = "· Light" | ||
} | ||
})(); | ||
</script> | ||
|
||
<div class="wrapper"> | ||
<header> | ||
<nav class="navbar"> | ||
<div class="container"> | ||
<div class="navbar-header header-logo"><a href="/">Simba's Homepage</a></div> | ||
<div class="menu navbar-right"> | ||
|
||
<a class="menu-item" href="/archives">Posts</a> | ||
|
||
<a class="menu-item" href="/category">Categories</a> | ||
|
||
<a class="menu-item" href="/tag">Tags</a> | ||
|
||
<a class="menu-item" href="/about">About</a> | ||
|
||
<input id="switch_default" type="checkbox" class="switch_default"> | ||
<label for="switch_default" class="toggleBtn"></label> | ||
</div> | ||
</div> | ||
</nav> | ||
|
||
|
||
<nav class="navbar-mobile" id="nav-mobile"> | ||
<div class="container"> | ||
<div class="navbar-header"> | ||
<div> | ||
<a href="/">Simba's Homepage</a><a id="mobile-toggle-theme">· Light</a> | ||
</div> | ||
<div class="menu-toggle" onclick="mobileBtn()">☰ Menu</div> | ||
</div> | ||
<div class="menu" id="mobile-menu"> | ||
|
||
<a class="menu-item" href="/archives">Posts</a> | ||
|
||
<a class="menu-item" href="/category">Categories</a> | ||
|
||
<a class="menu-item" href="/tag">Tags</a> | ||
|
||
<a class="menu-item" href="/about">About</a> | ||
|
||
</div> | ||
</div> | ||
</nav> | ||
|
||
</header> | ||
<script> | ||
var mobileBtn = function f() { | ||
var toggleMenu = document.getElementsByClassName("menu-toggle")[0]; | ||
var mobileMenu = document.getElementById("mobile-menu"); | ||
if(toggleMenu.classList.contains("active")){ | ||
toggleMenu.classList.remove("active") | ||
mobileMenu.classList.remove("active") | ||
}else{ | ||
toggleMenu.classList.add("active") | ||
mobileMenu.classList.add("active") | ||
} | ||
} | ||
</script> | ||
<div class="main"> | ||
<div class="container"> | ||
|
||
|
||
<div class="post-toc"> | ||
<div class="tocbot-list"> | ||
</div> | ||
<div class="tocbot-list-menu"> | ||
<a class="tocbot-toc-expand" onclick="expand_toc()">Expand all</a> | ||
<a onclick="go_top()">Back to top</a> | ||
<a onclick="go_bottom()">Go to bottom</a> | ||
</div> | ||
</div> | ||
|
||
<script> | ||
var tocbot_timer; | ||
var DEPTH_MAX = 6; // 为 6 时展开所有 | ||
var tocbot_default_config = { | ||
tocSelector: '.tocbot-list', | ||
contentSelector: '.post-content', | ||
headingSelector: 'h1, h2, h3, h4, h5', | ||
orderedList: false, | ||
scrollSmooth: true, | ||
onClick: extend_click, | ||
}; | ||
|
||
function extend_click() { | ||
clearTimeout(tocbot_timer); | ||
tocbot_timer = setTimeout(function() { | ||
tocbot.refresh(obj_merge(tocbot_default_config, { | ||
hasInnerContainers: true | ||
})); | ||
}, 420); // 这个值是由 tocbot 源码里定义的 scrollSmoothDuration 得来的 | ||
} | ||
|
||
document.ready(function() { | ||
tocbot.init(obj_merge(tocbot_default_config, { | ||
collapseDepth: 1 | ||
})); | ||
}); | ||
|
||
function expand_toc() { | ||
var b = document.querySelector('.tocbot-toc-expand'); | ||
var expanded = b.getAttribute('data-expanded'); | ||
expanded ? b.removeAttribute('data-expanded') : b.setAttribute('data-expanded', true); | ||
tocbot.refresh(obj_merge(tocbot_default_config, { | ||
collapseDepth: expanded ? 1 : DEPTH_MAX | ||
})); | ||
b.innerText = expanded ? 'Expand all' : 'Collapse all'; | ||
} | ||
|
||
function go_top() { | ||
window.scrollTo(0, 0); | ||
} | ||
|
||
function go_bottom() { | ||
window.scrollTo(0, document.body.scrollHeight); | ||
} | ||
|
||
function obj_merge(target, source) { | ||
for (var item in source) { | ||
if (source.hasOwnProperty(item)) { | ||
target[item] = source[item]; | ||
} | ||
} | ||
return target; | ||
} | ||
</script> | ||
|
||
|
||
|
||
<article class="post-wrap"> | ||
<header class="post-header"> | ||
<h1 class="post-title">RPKI IPchain (PaperReading)</h1> | ||
|
||
<div class="post-meta"> | ||
|
||
Author: <a itemprop="author" rel="author" href="/">Simba</a> | ||
|
||
|
||
|
||
<span class="post-time"> | ||
Date: <a href="#">October 12, 2023 12:52:56</a> | ||
</span> | ||
|
||
<!-- | ||
<span class="post-category"> | ||
Category: | ||
<a href="/categories/Resource-Public-Key-Infrastructure/">Resource Public Key Infrastructure</a> | ||
</span> | ||
--> | ||
|
||
|
||
<span class="post-category"> | ||
|
||
Category: | ||
|
||
|
||
|
||
<a href="/categories/Resource-Public-Key-Infrastructure/">Resource Public Key Infrastructure</a> | ||
|
||
|
||
|
||
</span> | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<span class="post-count"> | ||
|
||
Words: | ||
|
||
<a href="">601</a> | ||
|
||
</span> | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<span class="post-count"> | ||
|
||
Time: | ||
|
||
<a href="">3min</a> | ||
|
||
</span> | ||
|
||
|
||
</div> | ||
|
||
</header> | ||
|
||
<div class="post-content"> | ||
<h1 id="IPchain-Securing-IP-Prefix-Allocation-and-Delegation-with-Blockchain"><a href="#IPchain-Securing-IP-Prefix-Allocation-and-Delegation-with-Blockchain" class="headerlink" title="IPchain: Securing IP Prefix Allocation and Delegation with Blockchain"></a>IPchain: Securing IP Prefix Allocation and Delegation with Blockchain</h1><h2 id="Abstract"><a href="#Abstract" class="headerlink" title="Abstract"></a>Abstract</h2><ul> | ||
<li>We present IPchain, a blockchain to store the allocations and delegations of IP addresses, with the aim of easing the deployment of secure interdomain routing systems.</li> | ||
</ul> | ||
<h2 id="Introduction"><a href="#Introduction" class="headerlink" title="Introduction"></a>Introduction</h2><ul> | ||
<li>Unfortunately, the global deployment of the RPKI is slower than expected with only ∼9% of the total /24 IPv4 address blocks owned by the five Internet Registries being protected by the RPKI.</li> | ||
<li>In this paper we propose IPchain: a blockchain to store IP address allocation and delegation data. </li> | ||
<li>Three of these properties stand out when compared to the RPKI: (i) the ability to create flexible trust models, providing a different balance of power between CAs and downstream users, (ii) simplified management, especially regarding common PKI operations such as key rollover and (iii) auditability: blockchain’s append-only ledger can detect possible configuration errors even before a modification.</li> | ||
<li>IPchain allows its participants to exchange IP prefixes just like in coins are transferred in Bitcoin.</li> | ||
</ul> | ||
<h2 id="Why-blockchain"><a href="#Why-blockchain" class="headerlink" title="Why blockchain?"></a>Why blockchain?</h2><ul> | ||
<li>Flexible trust models: Some researchers argue that the centralized nature of the RPKI hinders its deployment[6]. This is due to the fact that its users (typically ISPs) have to trust the RPKI CA, which can arbitrarily revoke any downstream certificate[9].</li> | ||
<li>Simplified management: A key rollover in a blockchain can be easily performed transferring a coin/asset to a new address (keypair).</li> | ||
<li>Privacy: Blockchain transactions are not linked to the user’s identity, just to a public key.</li> | ||
<li>Consistent vision of the state: Exactly like in Bitcoin, in the RPKI we need to keep track of the owner of each IP prefix (coins), e.g. to avoid the transfer of the same prefix to two different users (double-spending).</li> | ||
<li>Auditability: Given the permanent nature of blockchain records, it is possible to determine if an object (e.g. a ROA) utilizing a particular resource (e.g. an IP address) has been made obsolete by a new object.</li> | ||
</ul> | ||
<h2 id="Which-consensus-algorithm"><a href="#Which-consensus-algorithm" class="headerlink" title="Which consensus algorithm?"></a>Which consensus algorithm?</h2><ul> | ||
<li>In a Proof of Stake (PoS [14]) blockchain, participants with more assets/coins are more likely to add blocks. </li> | ||
<li>This aspect is of particular importance in the context of IPchain: users holding a large number of IP addresses are more likely to add blocks. </li> | ||
<li>In a blockchain for IP addresses, this would mean buying IP addresses from other parties. These parties do not have a clear incentive to sell their blocks of addresses to the attacker since IP addresses are an important economical asset.</li> | ||
</ul> | ||
<h2 id="Architecture-of-IPchain"><a href="#Architecture-of-IPchain" class="headerlink" title="Architecture of IPchain"></a>Architecture of IPchain</h2><ul> | ||
<li>IP prefixes as coins</li> | ||
<li>Supported Operation:Allocate, Delegate, Metadata<ul> | ||
<li>A delegated prefix cannot be further allocated.</li> | ||
</ul> | ||
</li> | ||
<li>Deployment<ul> | ||
<li>The deployment of our proposed blockchain mimics the current procedure used to allocate IP addresses, which is typically conformed of three tiers (figure 5). IANA, as the top-level regulator of Internet numbers, owns the genesis block keys. First, IANA allocates huge blocks of addresses to the Regional Internet Registries (1). Those, in turn, allocate or delegate blocks to its customers, usually ISPs (2). Finally, ISPs can also assign addresses to their users (3).</li> | ||
</ul> | ||
</li> | ||
<li>Other considerations<ul> | ||
<li>Rekeying: we only have to add a new transaction re-allocating the IP prefix to a new keypair controlled by ourselves.</li> | ||
<li>Privacy: Since IP addresses are linked to their owners’ public key, it is not possible to identify the holder only with the data in the blockchain.</li> | ||
<li>IPv6 Support: We create alternative blocks of v4 or v6 transactions.</li> | ||
</ul> | ||
</li> | ||
</ul> | ||
<h2 id="Implementation"><a href="#Implementation" class="headerlink" title="Implementation"></a>Implementation</h2><ul> | ||
<li>IPchain: <a target="_blank" rel="noopener" href="https://github.com/OpenOverlayRouter/blockchain-mapping-system">https://github.com/OpenOverlayRouter/blockchain-mapping-system</a></li> | ||
<li>PoS Consensus Algorithm: <ul> | ||
<li>NIST’s random beacon: <a target="_blank" rel="noopener" href="https://www.nist.gov/programs-projects/nistrandomness-beacon">https://www.nist.gov/programs-projects/nistrandomness-beacon</a></li> | ||
</ul> | ||
</li> | ||
<li>Peer-to-Peer Network: <ul> | ||
<li>The P2P module: Pyhton’s Twisted10 library <a target="_blank" rel="noopener" href="https://twistedmatrix.com/trac/">https://twistedmatrix.com/trac/</a></li> | ||
</ul> | ||
</li> | ||
</ul> | ||
|
||
</div> | ||
|
||
|
||
<section class="post-copyright"> | ||
|
||
<p class="copyright-item"> | ||
<span>Author:</span> | ||
<span>Simba</span> | ||
</p> | ||
|
||
|
||
|
||
<p class="copyright-item"> | ||
<span>License:</span> | ||
<span>Copyright (c) 2019 <a target="_blank" rel="noopener" href="http://creativecommons.org/licenses/by-nc/4.0/">CC-BY-NC-4.0</a> LICENSE</span> | ||
</p> | ||
|
||
|
||
<p class="copyright-item"> | ||
<span>Slogan:</span> | ||
<span>乳虎啸谷,百兽震惶</span> | ||
</p> | ||
|
||
|
||
</section> | ||
|
||
<section class="post-tags"> | ||
<div> | ||
<span>Tag(s):</span> | ||
<span class="tag"> | ||
|
||
|
||
<a href="/tags/Note/"># Note</a> | ||
|
||
<a href="/tags/Paper-Reading/"># Paper Reading</a> | ||
|
||
<a href="/tags/RPKI/"># RPKI</a> | ||
|
||
|
||
</span> | ||
</div> | ||
<div> | ||
<a href="javascript:window.history.back();">back</a> | ||
<span>· </span> | ||
<a href="/">home</a> | ||
</div> | ||
</section> | ||
<section class="post-nav"> | ||
|
||
|
||
<a class="next" rel="next" href="/2023/10/12/ZKP-1-2-Definitions-of-Zero-Knowledge-Interactive-Proofs/">ZKP1.2 Definitions of Zero Knowledge Interactive Proofs</a> | ||
|
||
</section> | ||
|
||
|
||
</article> | ||
</div> | ||
|
||
</div> | ||
<footer id="footer" class="footer"> | ||
<div class="copyright"> | ||
<span>© Simba | Powered by <a href="https://hexo.io" target="_blank">Hexo</a> & <a href="https://github.com/Siricee/hexo-theme-Chic" target="_blank">Chic</a></span> | ||
</div> | ||
</footer> | ||
|
||
</div> | ||
</body> | ||
|
||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.