\documentclass[letterpaper]{article}
\usepackage{xcolor}
\usepackage{soul}
\usepackage{fancyhdr}
\usepackage{tipa}
\usepackage[all]{xy}
%header info
\pagestyle{fancy}
\fancyhf{}
\lhead{\rightmark}
\rhead{\thepage}
\cfoot{\thepage}
%REDACTED
\sethlcolor{red}
\newcommand{\REDACTED}{\textcolor{white}{\hl{REDACTED}}}
%Titles
\title{A Distributed Physical Network to Replace TCP/IP}
\date{December 21, 2017}
\author{Haoran S. Diao}
\begin{document}
	\maketitle
	\begin{abstract}
	The physical infrastructure of the present internet is hierarchical in nature. Both DNS and packet routing require giving trust to 
	\end{abstract}

A distributed, physical-protocol-agnostic mesh-network with global addressing using the blockchain
The current physical addressing and packet routing system of TCP/IP (DNS, IP) is hierarchical in nature, which allows for single weak points of attack (DNS attacks) and for centralized censorship of packets to certain addresses (the Great Firewall). This paper proposes a distributed mesh-network aimed at replacing TCP/IP. Nodes in this network register addresses using a global blockchain, while packet routing is done with local blockchains. Because of the distributed nature of this network, any physical protocol capable of transporting packets can be registered as an edge onto the network, allowing for flexibility and robustness.

Requirements:
	The following assumptions and requirements have been made:
	RSA encryption can be applied to every packet going through the network without being too computationally expensive.
	A global blockchain with as many participants as the present internet would have transaction times on the scale of minutes or hours.
	Physical communication between nodes is not handled by the network, that is.
	Even if two nodes in the network are capable of communicating, it is the choice of the node to not register 
	The size of packets is not limited.
	There is no trustless way of verifying the exact time at which a block is added to the blockchain, only that it happened after another block.
	Some system similar to NTS is in place to sync times.
Global Addressing
	A node address consists of an asymmetric encryption public key, Kpub; a digital signature public key, Spub; a UUID, ID, used to refer to the address; and the ID of the node-group it belongs to. Although Kpub itself could be used as a reference, a UUID is much shorter and allows all references to be the same constant length.
	A record of an address in the global address blockchain, hereafter referred to as the "address blockchain", therefore consists of an address, as well as a signature made with the Spriv of that address.
	Addresses are stored in a global address blockchain, the specifics of which are outside the scope of this paper. Any existing blockchain that allows writing of arbitrary data is theoretically suitable for use as the global address blockchain, but for the sake of speed a generic custom blockchain will be implemented with small block sizes and low hashing requirements.
	
	Addresses need to be rerecorded onto the blockchain in order for them not to "expire", with expiration times being counted in blocks added to the address blockchain since the address was last recorded. This provides a cost to registering an address that prevents spamming, and allows derelict IDs to be reclaimed or disregarded.
	Not all devices are capable of mining blocks for the address blockchain, but an address record does not need to be mined by the address owner. This creates an avenue for discrimination against a certain address being rerecorded if the network is sufficiently small and a coordinated effort is made by all miners. This is all left to be arranged by the node owner out-of-band of the network, as it is outside the scope of this network to track transaction ledgers.
	node group addresses.
		Node groups are required to be updated more often.
		A node group address consists of the following:
			a UUID, ID
			a list of IDs of its member nodes
		Any recording and rerecording of a node-group address has to have the signatures of at least half of all member nodes.
		In order for a node to be added as a member, it has to sign the record where it is added.
		A node can be removed without its signature, and this only requires half of the members in a node-group.
	supernodegroup addresses
		Super node-groups are the same, except with node-group IDs instead of node IDs.
	Why a global blockchain
	A global blockchain allows for distributed, global look-up of routing information, but is slow to update. The solution to this problem is described in the node-groups subsection. 
routing information
	A path to a node on the network takes the form
	The network is of the form
		H--3ms--I
		|	|
	       1ms     2ms
		|	|
	A--1ms--B--2ms--J-10ms--K
		|	|	|
	       1ms     5ms     6ms
		|	|	|
		C--3ms--D--1ms--E--6ms--+
			|	|	|
		       7ms     3ms	|
			|	|	|
			L--5ms--F--1ms--G
	
	a---e---f
	When node A wants to send a packet to node B, it looks up B's address in the address blockchain, and finds that

	A->B->C->D->E->F->G
Packet Composition
	The sender of a packet is anonymous to anyone but the recipient, removing the ability for intermediate nodes on the network to discriminate based on the sender. This, however, still allows malicious actors to discriminate against packets specifically destined for a certain address after receiving them.
	 
	A packet consists of a header with the recipient address UUID and expiration time, and an encrypted body. There are two types of packets, initiation packets and session packets, for which the type of encryption and content of the packets are different.
	
	In an initiation packet, the body is encrypted with the Kpub of the recipient and consists of the sender address ID, the packet data and a signature made on the data by the Spriv of the sender. In place of packet data, a symmetric session key (SK) can be placed to initiate a "session" consisting of more than one packet. Further packets are sent as session packets.
	
	In a session packet, the encrypted block consists of the sender address ID, and the packet data encrypted again with the symmetric key established above.
	Expiration time can be recorded with a timestamp from the sender and a timeout time, assuming a network time sync protocol is implemented over this network. There are no guards against falsifying this information, so a malicious node 
Session establishment.
	In order for two nodes, node A, the initiator, and node B, the responder, to communicate, node A must first send an initiation packet to B containing their session key, SK. Data is then sent from A to B and B to A with session packets using that SK.
	Since session initiation does not require significant overhead, SKs are meant to expire very quickly, with new initiation packets being sent on a regular basis even on the same connection.
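The initiation packet from the Packet Composition and Session establishment sections, as an added Go example that is not part of the original paper. RSA-2048 with OAEP for K, Ed25519 for S, the 16-byte ID, the 32-byte SK, the body layout and the `dir` map standing in for the address blockchain are all assumptions of this example; the body is kept to 112 bytes because RSA-OAEP at this key size encrypts at most 190, so bulk data has to travel in session packets.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Node is one address: UUID, K private key (RSA) and S private key (Ed25519); assumed types.
type Node struct {
	ID [16]byte
	K  *rsa.PrivateKey
	S  ed25519.PrivateKey
}

func NewNode(id [16]byte) (n Node, err error) {
	if n.K, err = rsa.GenerateKey(rand.Reader, 2048); err == nil {
		_, n.S, err = ed25519.GenerateKey(rand.Reader)
	}
	return Node{id, n.K, n.S}, err
}

// SealInit encrypts sender ID | SK | Sign(Spriv, SK) to Kpub; 112 bytes fit RSA-2048 OAEP-SHA256 (max 190).
func SealInit(from Node, to *rsa.PublicKey, sk [32]byte) ([]byte, error) {
	body := append(append(from.ID[:], sk[:]...), ed25519.Sign(from.S, sk[:])...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to, body, nil)
}

// OpenInit decrypts with Kpriv and returns SK only if the signature verifies under the sender's Spub from dir.
func OpenInit(to Node, dir map[[16]byte]ed25519.PublicKey, ct []byte) (id [16]byte, sk [32]byte, err error) {
	body, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, to.K, ct, nil)
	if err != nil || len(body) != 16+32+ed25519.SignatureSize {
		return id, sk, fmt.Errorf("malformed initiation packet")
	}
	copy(id[:], body[:16])
	if spub, ok := dir[id]; !ok || !ed25519.Verify(spub, body[16:48], body[48:]) {
		return id, sk, fmt.Errorf("unknown sender or bad signature")
	}
	copy(sk[:], body[16:48])
	return id, sk, nil
}

func main() {
	a, _ := NewNode([16]byte{0xA}) // constructed IDs and session key; errors ignored in the demo
	b, _ := NewNode([16]byte{0xB})
	ct, _ := SealInit(a, &b.K.PublicKey, [32]byte{1, 2, 3})
	fmt.Println(OpenInit(b, map[[16]byte]ed25519.PublicKey{a.ID: a.S.Public().(ed25519.PublicKey)}, ct))
}
```

The signature covers only SK, as the text specifies, so it does not name the recipient; signing the recipient's ID together with SK would bind the packet to its destination.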
Packet Routing
	Edge registration.
	Consider for a moment, a hypothetical network where edge information is recorded in a blockchain. Even though a node can say that it connects to another node, there is no way of knowing without the other node confirming. Therefore, to register that an edge exists between two nodes, nodes A and B, proof has to be made that they actually are connected.
	C---A---B
	The process for this is as follows:
	Node A announces with a record on the routing blockchain that it has an edge with node B.
	Node B confirms with another record.
	Node C sends a secret through A to B.
	Node A adds the hash of the secret to the blockchain.
	Node B adds the hash of the secret salted with its UUID.
	Node C can then verify that the packet was sent through node A to B, and also get an estimate for the latency between these nodes.
	Another problem with this is that nodes A and B cannot be verified to be directly connected to each other: node A could communicate to B through a privy node, or in an obfuscated manner through another unsuspecting node. However, all that matters to node C in this situation is that nodes A and B are close enough for the latency to be small.
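Node C's side of the edge-registration check above, as an added Go example that is not part of the original paper. The record layout, SHA-256, the salt order (UUID before secret), the 16-byte minimum secret length and the requirement that the four records appear in the listed order are assumptions of this example; records are taken to be already authenticated to their author, and latency estimation is not covered.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Record is one routing-blockchain entry. The layout is an assumption of this
// example, and each record is taken as already authenticated to its Author.
type Record struct {
	Author, Peer [16]byte // node UUIDs
	Kind         string   // "announce", "confirm" or "proof"
	Hash         [32]byte // set on "proof" records only
}

// Expected lists what an honest A and B leave on the chain, in order: A announces,
// B confirms, A posts H(secret), B posts H(UUID_B | secret).
func Expected(a, b [16]byte, secret []byte) []Record {
	return []Record{
		{a, b, "announce", [32]byte{}},
		{b, a, "confirm", [32]byte{}},
		{a, b, "proof", sha256.Sum256(secret)},
		{b, a, "proof", sha256.Sum256(append(b[:], secret...))},
	}
}

// VerifyEdge is run by C, which chose the secret and sent it through A to B.
// Other records may be interleaved, but the four must appear in this order.
func VerifyEdge(chain []Record, a, b [16]byte, secret []byte) bool {
	if len(secret) < 16 {
		// A short secret could be recovered from A's published hash, so B's
		// record would not show that B ever received the packet.
		return false
	}
	want, next := Expected(a, b, secret), 0
	for _, r := range chain {
		if next < len(want) && r == want[next] {
			next++
		}
	}
	return next == len(want)
}

func main() {
	a, b, secret := [16]byte{0xA}, [16]byte{0xB}, []byte("constructed demo secret 0123456789")
	chain := Expected(a, b, secret)
	chain[3].Hash = chain[2].Hash // B copies A's hash instead of salting its own
	fmt.Println(VerifyEdge(Expected(a, b, secret), a, b, secret), VerifyEdge(chain, a, b, secret))
}
```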
global lim
	Node edges cannot be tracked globally; the reasons for this are twofold.
	A global blockchain cannot register changes in node edges fast enough. Block verification time for a global blockchain would be too slow to record the rapid changes in connectivity between nodes.
	For a network of size N, there can be at most N! edges and at least N-1 edges, all of which would have to be tracked and verified in order to route a packet.

	Therefore, nodes on the network must be divided into node-groups, each with their own record of edges stored in a local routing blockchain. Node-groups can then act as nodes in a level 1 super-nodegroup, with those super-nodegroups being capable of forming level 2 super-nodegroups and so on, each with their own routing blockchains.

		Node formation
			A node-group starts with an anchor-node, which announces that it is to form a node-group. The anchor-node registers an address for the node-group in the global address blockchain. It attempts to join a supernode if one exists, and if not creates its own supernode with the same process. The anchor-node then also reports itself as a part of the newly formed node-group in the global address blockchain, the difference here being that a node-group record has no K and can have multiple S, all of which have to sign any new record of the address.
			Any node looking to join a node-group looks at the other nodes it is connected to and looks up the node-groups they belong to. It verifies the connections for these node-groups and takes note of the latencies involved. The node then joins the node-group with acceptable latency and whose connections are all verifiable. If it does not find one, then it starts its own node-group, and if no supernode-group exists, then one has to be formed because there are now 
			The joining node announces that it is joining a subgroup in the routing blockchain by writing a new address record without the signatures. It also announces any edges it has to the nodegroup, as well as any other nodegroups it is a part of.
			After verifying, each member of the nodegroup adds its signature to the routing blockchain. When at least half the members have signed, the joining node rerecords the new address record to the global address blockchain, and updates its own address.
			If the joining node is also in another nodegroup that was previously not connected, then the nodegroup also reports a new edge to the supernodegroup routing blockchain.
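A validator for the node-group record rules (the signature rules under "node group addresses" and the join flow above), as an added Go example that is not part of the original paper. Ed25519 for S, the record layout, the signed byte string and counting "half of all member nodes" over the previous member list are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// GroupRecord is a node-group address record; the layout is assumed for this example.
type GroupRecord struct {
	GroupID [16]byte
	Members [][16]byte
	Sigs    map[[16]byte][]byte // signer ID -> Ed25519 signature over Bytes()
}

// Bytes is the message each signer signs: the group ID, then the member IDs in order.
func (r GroupRecord) Bytes() []byte {
	out := append([]byte{}, r.GroupID[:]...)
	for _, m := range r.Members {
		out = append(out, m[:]...)
	}
	return out
}

// Accept checks a (re)recording against the previous member list: at least half of prev must
// have signed, and so must every member being added. Removed members need not sign.
func Accept(prev [][16]byte, next GroupRecord, spub map[[16]byte]ed25519.PublicKey) bool {
	msg, was, votes := next.Bytes(), map[[16]byte]bool{}, 0
	signed := func(id [16]byte) bool {
		return len(spub[id]) == ed25519.PublicKeySize && ed25519.Verify(spub[id], msg, next.Sigs[id])
	}
	for _, id := range prev {
		was[id] = true
		if signed(id) {
			votes++
		}
	}
	for _, id := range next.Members {
		if !was[id] && !signed(id) {
			return false // a node cannot be added without its own signature
		}
	}
	return 2*votes >= len(prev)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed anchor node forming a new group
	rec := GroupRecord{Members: [][16]byte{{1}}, Sigs: map[[16]byte][]byte{}}
	rec.Sigs[[16]byte{1}] = ed25519.Sign(priv, rec.Bytes())
	fmt.Println(Accept(nil, rec, map[[16]byte]ed25519.PublicKey{{1}: pub}))
}
```

With an even number of members, "at least half" lets two disjoint halves each approve a different record; requiring `2*votes > len(prev)` would rule that out.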
			
Node-group action
Attacks