Global Distributed Secure Mapping of Network Addresses

Proceedings of the ACM SIGCOMM 2021 Workshop on Technologies, Applications, and Uses of a Responsible Internet Pub Date : 2021-08-23 DOI:10.1145/3472951.3473503

Supraja Sridhara, F. Wirz, Joeri de Ruiter, C. Schutijser, M. Legner, A. Perrig

{"title":"Global Distributed Secure Mapping of Network Addresses","authors":"Supraja Sridhara, F. Wirz, Joeri de Ruiter, C. Schutijser, M. Legner, A. Perrig","doi":"10.1145/3472951.3473503","DOIUrl":null,"url":null,"abstract":"Next-generation Internet architectures are being designed and deployed to overcome limitations of today's Internet. One such architecture with an increasing production deployment is SCION [23], which also includes a transition mechanism to support an incremental deployment and coexistence with the legacy IP-based Internet: the SCION-IP gateway. This mechanism---and similar mechanisms in other next-generation architectures---requires a distributed system to translate between old (IP) and new (SCION) addresses at an Internet scale and must connect the different public-key infrastructures to enable secure operation. In this paper, we describe such a system for the SCION architecture. A gossip protocol distributes mappings between legacy IP and SCION addresses throughout the SCION network, and SCION's control-plane PKI and the Resource Public Key Infrastructure (RPKI) protect the authenticity of the individual mappings. We provide a prototype implementation and demonstrate that it scales to today's Internet with approximately one million IP prefixes.","PeriodicalId":294973,"journal":{"name":"Proceedings of the ACM SIGCOMM 2021 Workshop on Technologies, Applications, and Uses of a Responsible Internet","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ACM SIGCOMM 2021 Workshop on Technologies, Applications, and Uses of a Responsible Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3472951.3473503","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Next-generation Internet architectures are being designed and deployed to overcome limitations of today's Internet. One such architecture with an increasing production deployment is SCION [23], which also includes a transition mechanism to support an incremental deployment and coexistence with the legacy IP-based Internet: the SCION-IP gateway. This mechanism---and similar mechanisms in other next-generation architectures---requires a distributed system to translate between old (IP) and new (SCION) addresses at an Internet scale and must connect the different public-key infrastructures to enable secure operation. In this paper, we describe such a system for the SCION architecture. A gossip protocol distributes mappings between legacy IP and SCION addresses throughout the SCION network, and SCION's control-plane PKI and the Resource Public Key Infrastructure (RPKI) protect the authenticity of the individual mappings. We provide a prototype implementation and demonstrate that it scales to today's Internet with approximately one million IP prefixes.

查看原文本刊更多论文

网络地址的全局分布式安全映射

下一代互联网架构正在设计和部署，以克服当今互联网的局限性。其中一个不断增加生产部署的架构是SCION[23]，它还包括一个转换机制，以支持增量部署并与传统的基于ip的互联网共存:SCION- ip网关。这种机制——以及其他下一代体系结构中的类似机制——要求分布式系统在Internet规模上在旧(IP)和新(SCION)地址之间进行转换，并且必须连接不同的公钥基础设施以实现安全操作。在本文中，我们描述了一个基于SCION架构的系统。八卦协议在整个SCION网络中分发遗留IP和SCION地址之间的映射，而SCION的控制平面PKI和资源公钥基础设施(Resource Public Key Infrastructure, RPKI)保护各个映射的真实性。我们提供了一个原型实现，并演示了它可以扩展到今天大约有一百万个IP前缀的互联网。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the ACM SIGCOMM 2021 Workshop on Technologies, Applications, and Uses of a Responsible Internet

自引率

0.00%

发文量