TY - BOOK

T1 - Advanced Geolocation Techniques and Geopolitical Integration for a Resilient Internet Infrastructure

AU - McCherry, Paul

PY - 2024

Y1 - 2024

N2 - Governments and institutions are alarmed by the number of recentincidents that have compromised the confidentiality, availability, andintegrity of critical infrastructure and services, and exposed the fragilityof the Internet architecture. BGP offers limited performance and securitymechanisms to protect the integrity of exchanged routing informationand to provide authentication and authorisation of the advertised IPaddress space. Instead, each AS operator implicitly trusts that therouting information exchanged through BGP is accurate. As a result,the Internet backbone is potentially exposed. To better inform BGPadministrators when choosing their routing paths, this thesis seeksto improve and advance current geolocation techniques, integratinggeopolitical considerations into IP routing and introducing new IPv4and IPv6 tools. By examining three distinct but interrelated aspects- improving current IP geolocation methods - enabling data routing forend users and network administrators - introducing a new IPv6 methodof IP geolocation - this research aims to contribute to a more secure,efficient, and geographically aware Internet infrastructure. The thesisbegins with an investigation of current techniques for geolocating hostsusing passive, active, and hybrid methods. This is followed by a survey ofthe fundamental problems that IP geolocation techniques must address.The survey points to the obvious difficulties in using Delay-Distancemodels and suggests that the use of Return-Trip Times can lead tohighly misleading results. The thesis builds on this current work byintroducing new procedures and methodologies to create fine-grainedmultilayer maps of the structure of the Internet. Next, the thesis exploresthe additional benefits that IPv6 can bring to IP geolocation. IPv6introduces a significant evolution in the area of Internet Protocols whichresolves many of the issues with the limitations of IPv4 and providesan improved framework for the future of the Internet. The concept ofextension headers is a feature that enhances the IPv6 protocol’s flexibilityand functionality, and it is key among these advancements. The thesisconceptualises the design of a new IPv6 extension header, which aimsto incorporate a geopolitical dimension into each data packet, optionallyallowing network paths to be dynamically adjusted based on countrycodes of transit networks. The thesis builds on this tool by developing anew IPv6 tool to map network infrastructure, aiming to surpass currentmethodologies in accuracy, comprehensiveness, and utility. The toolprovides a more precise and comprehensive mapping of the network’stopology, including geolocation data and peer connections of networknodes. The thesis discusses how we can build on these foundational toolsby combining them to produce new fault-finding techniques and a robustnetwork analysis methodology. These methods and tools will benefit BGPadministrators by informing them of better routing decisions, helping toavoid possible single points of failure, and enhancing overall networkresilience. Finally, we discuss some limitations of the proposed approachand summarise some next steps needed towards accurate and completeInternet infrastructure map

AB - Governments and institutions are alarmed by the number of recentincidents that have compromised the confidentiality, availability, andintegrity of critical infrastructure and services, and exposed the fragilityof the Internet architecture. BGP offers limited performance and securitymechanisms to protect the integrity of exchanged routing informationand to provide authentication and authorisation of the advertised IPaddress space. Instead, each AS operator implicitly trusts that therouting information exchanged through BGP is accurate. As a result,the Internet backbone is potentially exposed. To better inform BGPadministrators when choosing their routing paths, this thesis seeksto improve and advance current geolocation techniques, integratinggeopolitical considerations into IP routing and introducing new IPv4and IPv6 tools. By examining three distinct but interrelated aspects- improving current IP geolocation methods - enabling data routing forend users and network administrators - introducing a new IPv6 methodof IP geolocation - this research aims to contribute to a more secure,efficient, and geographically aware Internet infrastructure. The thesisbegins with an investigation of current techniques for geolocating hostsusing passive, active, and hybrid methods. This is followed by a survey ofthe fundamental problems that IP geolocation techniques must address.The survey points to the obvious difficulties in using Delay-Distancemodels and suggests that the use of Return-Trip Times can lead tohighly misleading results. The thesis builds on this current work byintroducing new procedures and methodologies to create fine-grainedmultilayer maps of the structure of the Internet. Next, the thesis exploresthe additional benefits that IPv6 can bring to IP geolocation. IPv6introduces a significant evolution in the area of Internet Protocols whichresolves many of the issues with the limitations of IPv4 and providesan improved framework for the future of the Internet. The concept ofextension headers is a feature that enhances the IPv6 protocol’s flexibilityand functionality, and it is key among these advancements. The thesisconceptualises the design of a new IPv6 extension header, which aimsto incorporate a geopolitical dimension into each data packet, optionallyallowing network paths to be dynamically adjusted based on countrycodes of transit networks. The thesis builds on this tool by developing anew IPv6 tool to map network infrastructure, aiming to surpass currentmethodologies in accuracy, comprehensiveness, and utility. The toolprovides a more precise and comprehensive mapping of the network’stopology, including geolocation data and peer connections of networknodes. The thesis discusses how we can build on these foundational toolsby combining them to produce new fault-finding techniques and a robustnetwork analysis methodology. These methods and tools will benefit BGPadministrators by informing them of better routing decisions, helping toavoid possible single points of failure, and enhancing overall networkresilience. Finally, we discuss some limitations of the proposed approachand summarise some next steps needed towards accurate and completeInternet infrastructure map

U2 - 10.17635/lancaster/thesis/2451

DO - 10.17635/lancaster/thesis/2451

M3 - Doctoral Thesis

PB - Lancaster University

ER -