Fragmentation of the net ahead?

Monika Ermert, Heise, Intellectual Property Watch, VDI-Nachrichten, Germany

PUBLISHED ON: 09 Oct 2013

Chief officers of the five regional IP address registries (RIRs), the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Engineering Task Force and the World Wide Web Consortium are concerned about the fragmentation of the internet. In a declaration passed in Montevideo on October 7 they "warned against Internet fragmentation at a national level" and "expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance."

The private net administrators favour universal and centralised management of core internet resources and have been in the business of allocating universal name and number resources for what counts, in internet time, as an eternity. Yet centralised administration also results in single (or few) points of failure, which are easy to attack, technically and also politically.

Possible unintended side effects of a centralisation effort can currently be seen in a debate about a more secure routing system. Adding a Routing Public Key Infrastructure (RPKI) to the currently rather decentralised routing system could result not only in more security against route hijacking, but also in tools for creating nationalised views of the internet, the very thing those warning against fragmentation want to avoid.

The good idea behind the Routing Public Key Infrastructure

The certificate system RPKI has been developed and discussed for years, and parts of the technology have been deployed in some islands for some time. In particular, certification of IP addresses and of so-called autonomous system numbers (which designate a part of the internet that is managed by one internet service provider (ISP) or, at least, under one common routing policy) has been underway in Europe for some time. The core idea behind RPKI is to allow automated checks of whether an announcement of IP addresses comes from the real owner or has been hijacked by somebody else.

Since it allows for better security, the certificate system, which is organised by the Regional Internet Registries, who hand out the certificates alongside the resources they have allocated, seems a no-brainer. Yet members of the European IP networks management organisation RIPE have been highly worried about potential unintended political side effects.

Systems could be pushed off the net

Their concern: once the certificates are made part of a worldwide system for validating so-called Route Origin Authorizations (ROAs), devalidation would mean that the affected system becomes a rogue system and, if automation is high, is simply pushed off the net.

The five RIRs could be obliged by their respective governments to simply cancel a certificate. Government authorities in the Netherlands have in at least one instance asked for the allocation of IP address blocks to be cancelled, in an effort to help out US law enforcement. With no certificate or ROA checks in place, the effect was certainly minor; moreover RIPE NCC, the operational arm of RIPE, rolled back its decision after taking legal advice.

Given the lack of trust already at the regional level (the vote to continue RPKI implementation in the RIPE region was 120 to 116), the centralisation of the certificate system and the setting up of a single trust anchor at US-based IANA has been pushed aside so far. But the idea is still on the table and heavily discussed, even among the five RIRs.

Stakeholders worry about unintended consequences

One might think that some governments would love to have a place where they can go and say: take this space out of the public internet. At the same time, not only network operators but governments themselves have started to think twice about unintended consequences.

National governments are afraid that a certification authority, an RIR, could be pressured into taking out the certificates for their critical infrastructure, for example, so that their resources might stop being visible on the net, explains Steve Kent, a researcher at US Government contractor BBN. A country like China that is dependent on RIR certificates from an RIR in Australia, for example, was among the concerned parties Kent had in mind.

In Kent's proposal, protection against such hacks by state or other actors includes an additional layer of reference. According to it, the state of "Elbonia" would be able to "mandate" that every internet number resource holder points to an authoritative file with log records managed by the Elbonian government. Elbonian ISPs would also be obliged to use this file to draw the correct routing table view.

Centralised trust anchor may result in localised internet world views

This would make very different views of the internet possible, routing experts such as Randy Bush, who has written a lot of RPKI specifications funded by the US Government, confirm. A local trust anchor, Bush writes in a compilation of use cases, could be necessary to defend against a "Dutch Court Attack," to allow organisations to route around one jurisdiction's edition of the internet. At the same time, a localised trust anchor could also be used to propagate one's own rewritten view of the routing table.
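How the automated check and a local override interact, as an added example that is not from the article or from any RIR's or vendor's software: route origin validation following RFC 6811, with a local exception list in the style of RFC 8416 (SLURM) standing in for the local trust anchor idea. The prefix, AS numbers and all function and variable names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # address block the ROA covers
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorised origin AS

def _covers(outer: str, inner: str) -> bool:
    o, i = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return o.version == i.version and i.subnet_of(o)

def validate_origin(prefix: str, origin_asn: int, roas) -> str:
    """Route origin validation as specified in RFC 6811."""
    covering = [r for r in roas if _covers(r.prefix, prefix)]
    if not covering:
        return "not-found"   # no ROA covers the announced prefix
    length = ipaddress.ip_network(prefix).prefixlen
    if any(r.asn == origin_asn and length <= r.max_length for r in covering):
        return "valid"
    return "invalid"         # covered, but no ROA matches origin and length

def local_view(roas, filters=(), assertions=()):
    """Local exceptions in the style of RFC 8416 (SLURM): drop ROAs that
    fall inside a filtered prefix, then add locally asserted ROAs."""
    kept = [r for r in roas if not any(_covers(f, r.prefix) for f in filters)]
    return kept + list(assertions)

# Constructed sample data: documentation prefix and ASNs, not real allocations.
ROUTE = ("203.0.113.0/24", 64500)
PUBLISHED = [ROA("203.0.113.0/24", 24, 64500)]    # holder's ROA is in place
WITHDRAWN = []                                    # ROA cancelled, nothing replaces it
REASSIGNED = [ROA("203.0.113.0/24", 24, 64511)]   # covering ROA names another AS
LOCAL = local_view(REASSIGNED, filters=["203.0.113.0/24"],
                   assertions=[ROA("203.0.113.0/24", 24, 64500)])

if __name__ == "__main__":
    for name, view in [("published", PUBLISHED), ("withdrawn", WITHDRAWN),
                       ("reassigned", REASSIGNED), ("local view", LOCAL)]:
        print(f"{name:11} {validate_origin(*ROUTE, view)}")
```

Operators that enforce origin validation typically drop only invalid routes, so a withdrawn ROA alone leaves the route reachable, while a conflicting covering ROA does not. The same override that restores the route in the local view is also what lets two jurisdictions compute different answers for the same announcement.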

'Balkanisation' of the net was a possible scenario, Brenden Kuerbis, researcher at Syracuse University's School of Information Studies and author of an article on localised trust anchor management at the Internet Governance Project, wrote in an answer to the Internet Policy Review. "There is certainly a risk it could be used for that. It depends on if and how it is deployed." A lot of resistance to the 'balkanisation' threat could be expected from transnational network operators, though, Kuerbis wrote.

One question remains: Can the RIRs and ICANN push against fragmentation on the one hand and for a tool risking fragmentation in the end on the other? Somehow they can.
