TY - BOOK

T1 - Advanced geolocation techniques and geopolitical integration for a resilient internet infrastructure

AU - McCherry, Paul

PY - 2025

Y1 - 2025

N2 - Governments and institutions are alarmed by the number of recent incidents that have compromised the confidentiality, availability, and integrity of critical infrastructure and services, and exposed the fragility of the Internet architecture. BGP offers limited performance and security mechanisms to protect the integrity of exchanged routing information and to provide authentication and authorisation of the advertised IP address space. Instead, each AS operator implicitly trusts that the routing information exchanged through BGP is accurate. As a result, the Internet backbone is potentially exposed. To better inform BGP administrators when choosing their routing paths, this thesis seeks to improve and advance current geolocation techniques, integrating geopolitical considerations into IP routing and introducing new IPv4 and IPv6 tools. By examining three distinct but interrelated aspects - improving current IP geolocation methods - enabling data routing for end users and network administrators - introducing a new IPv6 method of IP geolocation - this research aims to contribute to a more secure, efficient, and geographically aware Internet infrastructure. The thesis begins with an investigation of current techniques for geolocating hosts using passive, active, and hybrid methods. This is followed by a survey of the fundamental problems that IP geolocation techniques must address. The survey points to the obvious difficulties in using Delay-Distance models and suggests that the use of Return-Trip Times can lead to highly misleading results. The thesis builds on this current work by introducing new procedures and methodologies to create fine-grained multilayer maps of the structure of the Internet. Next, the thesis explores the additional benefits that IPv6 can bring to IP geolocation. IPv6 introduces a significant evolution in the area of Internet Protocols which resolves many of the issues with the limitations of IPv4 and provides an improved framework for the future of the Internet. The concept of extension headers is a feature that enhances the IPv6 protocol's flexibility and functionality, and it is key among these advancements. The thesis conceptualises the design of a new IPv6 extension header, which aims to incorporate a geopolitical dimension into each data packet, optionally allowing network paths to be dynamically adjusted based on country codes of transit networks. The thesis builds on this tool by developing a new IPv6 tool to map network infrastructure, aiming to surpass current methodologies in accuracy, comprehensiveness, and utility. The tool provides a more precise and comprehensive mapping of the network's topology, including geolocation data and peer connections of network nodes. The thesis discusses how we can build on these foundational tools by combining them to produce new fault-finding techniques and a robust network analysis methodology. These methods and tools will benefit BGP administrators by informing them of better routing decisions, helping to avoid possible single points of failure, and enhancing overall network resilience. Finally, we discuss some limitations of the proposed approach and summarise some next steps needed towards accurate and complete Internet infrastructure maps.

AB - Governments and institutions are alarmed by the number of recent incidents that have compromised the confidentiality, availability, and integrity of critical infrastructure and services, and exposed the fragility of the Internet architecture. BGP offers limited performance and security mechanisms to protect the integrity of exchanged routing information and to provide authentication and authorisation of the advertised IP address space. Instead, each AS operator implicitly trusts that the routing information exchanged through BGP is accurate. As a result, the Internet backbone is potentially exposed. To better inform BGP administrators when choosing their routing paths, this thesis seeks to improve and advance current geolocation techniques, integrating geopolitical considerations into IP routing and introducing new IPv4 and IPv6 tools. By examining three distinct but interrelated aspects - improving current IP geolocation methods - enabling data routing for end users and network administrators - introducing a new IPv6 method of IP geolocation - this research aims to contribute to a more secure, efficient, and geographically aware Internet infrastructure. The thesis begins with an investigation of current techniques for geolocating hosts using passive, active, and hybrid methods. This is followed by a survey of the fundamental problems that IP geolocation techniques must address. The survey points to the obvious difficulties in using Delay-Distance models and suggests that the use of Return-Trip Times can lead to highly misleading results. The thesis builds on this current work by introducing new procedures and methodologies to create fine-grained multilayer maps of the structure of the Internet. Next, the thesis explores the additional benefits that IPv6 can bring to IP geolocation. IPv6 introduces a significant evolution in the area of Internet Protocols which resolves many of the issues with the limitations of IPv4 and provides an improved framework for the future of the Internet. The concept of extension headers is a feature that enhances the IPv6 protocol's flexibility and functionality, and it is key among these advancements. The thesis conceptualises the design of a new IPv6 extension header, which aims to incorporate a geopolitical dimension into each data packet, optionally allowing network paths to be dynamically adjusted based on country codes of transit networks. The thesis builds on this tool by developing a new IPv6 tool to map network infrastructure, aiming to surpass current methodologies in accuracy, comprehensiveness, and utility. The tool provides a more precise and comprehensive mapping of the network's topology, including geolocation data and peer connections of network nodes. The thesis discusses how we can build on these foundational tools by combining them to produce new fault-finding techniques and a robust network analysis methodology. These methods and tools will benefit BGP administrators by informing them of better routing decisions, helping to avoid possible single points of failure, and enhancing overall network resilience. Finally, we discuss some limitations of the proposed approach and summarise some next steps needed towards accurate and complete Internet infrastructure maps.

KW - IPv6

KW - Node Information Queries

KW - IP Geolocation

KW - Internet Resilience

KW - Internet Topology Mapping

KW - Geopolitical Routing

KW - RIPE Atlas

KW - Network Infrastructure Visualization

KW - Internet Exchange Points

KW - BGP Security

KW - Autonomous Systems

KW - Traceroute Enhancement

KW - Geolocation Accuracy

KW - PeeringDB

KW - Control Plane Mapping

KW - Data Sovereignty

KW - Cybersecurity Policy

U2 - 10.17635/lancaster/thesis/2774

DO - 10.17635/lancaster/thesis/2774

M3 - Doctoral Thesis

PB - Lancaster University

ER -