Governments and institutions are alarmed by the number of recent
incidents that have compromised the confidentiality, availability, and
integrity of critical infrastructure and services, and exposed the fragility
of the Internet architecture. BGP offers limited performance and security
mechanisms to protect the integrity of exchanged routing information
and to provide authentication and authorisation of the advertised IP
address space. Instead, each AS operator implicitly trusts that the
routing information exchanged through BGP is accurate. As a result,
the Internet backbone is potentially exposed. To better inform BGP
administrators when choosing their routing paths, this thesis seeks
to improve and advance current geolocation techniques, integrating
geopolitical considerations into IP routing and introducing new IPv4
and IPv6 tools. By examining three distinct but interrelated aspects
- improving current IP geolocation methods - enabling data routing for
end users and network administrators - introducing a new IPv6 method
of IP geolocation - this research aims to contribute to a more secure,
efficient, and geographically aware Internet infrastructure. The thesis
begins with an investigation of current techniques for geolocating hosts
using passive, active, and hybrid methods. This is followed by a survey of
the fundamental problems that IP geolocation techniques must address.
The survey points to the obvious difficulties in using Delay-Distance
models and suggests that the use of Return-Trip Times can lead to
highly misleading results. The thesis builds on this current work by
introducing new procedures and methodologies to create fine-grained
multilayer maps of the structure of the Internet. Next, the thesis explores
the additional benefits that IPv6 can bring to IP geolocation. IPv6
introduces a significant evolution in the area of Internet Protocols which
resolves many of the issues with the limitations of IPv4 and provides
an improved framework for the future of the Internet. The concept of
extension headers is a feature that enhances the IPv6 protocol’s flexibility
and functionality, and it is key among these advancements. The thesis
conceptualises the design of a new IPv6 extension header, which aims
to incorporate a geopolitical dimension into each data packet, optionally
allowing network paths to be dynamically adjusted based on country
codes of transit networks. The thesis builds on this tool by developing a
new IPv6 tool to map network infrastructure, aiming to surpass current
methodologies in accuracy, comprehensiveness, and utility. The tool
provides a more precise and comprehensive mapping of the network’s
topology, including geolocation data and peer connections of network
nodes. The thesis discusses how we can build on these foundational tools
by combining them to produce new fault-finding techniques and a robust
network analysis methodology. These methods and tools will benefit BGP
administrators by informing them of better routing decisions, helping to
avoid possible single points of failure, and enhancing overall network
resilience. Finally, we discuss some limitations of the proposed approach
and summarise some next steps needed towards accurate and complete
Internet infrastructure map