Internet Unite-And-Conquer Architecture

This paper presents UnC (Unite and Conquer), a network architecture for the Internet that provides a self-certifying mechanism to reliably distribute, retrieve, and authenticate the public keys across the Internet. UnC may be used in parallel with the existing Public Key Infrastructure (PKI) ecosystem to provide an additional validation step for certificates offered by the PKI model. Leveraging the properties of the Internet infrastructure combined with cooperation from other hosts that act as notaries, UnC attests to the stability of certificates in time and space. By uniting notaries, UnC overwhelms and outnumbers attackers, and it uses this unity to conquer attack plots. Unlike existing proposals aimed to incorporate accountability into the Internet, UnC does not require external certificate hierarchies or certificate authorities to manage digital certificates. UnC can also be integrated in the Secure DNS (DNSSEC) protocols as well as the Secure BGP (S-BGP) protocol to eliminate the need for external key structures while protecting bindings between the entities and their IP addresses, and the integrity of the routing tables between Autonomous Systems. This paper describes the UnC architecture in detail, including the actions of each different kind of participant. It describes how UnC deals with well-known attack models, which are readily available on the Internet. The major contribution of this work is to open up a new door for the research community to exploit the predominance of good nodes over malicious ones in order to enhance the security of the PKI ecosystem and the Internet.