Origin authentication in interdomain routing

Computer Science and Engineering, Pennsylvania State University, 344 IST Building, University Park, PA 16802, United States; Department of Computer Science, University of British Columbia, 201 Main Mall, Vancouver, Canada, BC V6T 1Z4; Center for Computational Learning Systems, Columbia University, 475 Riverside Ave, New York, NY 10115, United States
Computer Networks (Impact Factor: 1.23). 11/2003; DOI: 10.1016/j.comnet.2005.11.007
Source: CiteSeer

ABSTRACT Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication; there is no way to validate claims of address ownership or location. The lack of such services not only enables attacks by malicious entities, but also indirectly allows seemingly inconsequential misconfigurations to disrupt large portions of the Internet. This paper considers the semantics, design, and costs of origin authentication in interdomain routing. We formalize the semantics of address delegation and use on the Internet, and develop and characterize original, broad classes of origin authentication proof systems. We estimate the address delegation graph representing the current use of IPv4 address space using available routing data. This effort reveals that current address delegation is dense and relatively static: as few as 16 entities perform 80% of the delegation on the Internet. We conclude by evaluating the proposed services via trace-based simulation, which demonstrates that the enhanced proof systems can significantly reduce resource costs associated with origin authentication.

  • ABSTRACT: We describe a new networking primitive, called a Path Verification Mechanism (PVM). There has been much recent work about how senders and receivers express policies about the paths that their packets take. For instance, a company might want fine-grained control over which providers carry which traffic between its branch offices, or a receiver may want traffic sent to it to travel through an intrusion detection service. While the ability to express policies has been well-studied, the ability to enforce policies has not. The core challenge is: if we assume an adversarial, decentralized, and high-speed environment, then when a packet arrives at a node, how can the node be sure that the packet followed an approved path? Our solution, ICING, incorporates an optimized cryptographic construction that is compact, and requires negligible configuration state and no PKI. We demonstrate ICING's plausibility with a NetFPGA hardware implementation. At 93% more costly than an IP router on the same platform, its cost is significant but affordable. Indeed, our evaluation suggests that ICING can scale to backbone speeds.
  • ABSTRACT: In this paper, we propose a cooperative management method to increase the service survivability in a large-scale networked information system. We assume that the system is composed of multiple domains and there exists a domain manager in each domain, which is responsible to monitor network traffics and control resource usage in the domain. Inter-domain cooperation against distributed denial of service (DDoS) attacks is achieved through the exchange of pushback and feedback messages. The management method is designed not only to prevent network resources from being exhausted by the attacks but also to increase the possibility that legitimate users can fairly access the target services. Through the experiment on a test-bed, the proposed method was verified to be able to maintain high survivability in a cost-effective manner even when DDoS attacks exist.
    Computational Science and Its Applications - ICCSA 2005, International Conference, Singapore, May 9-12, 2005, Proceedings, Part I; 01/2005
  • ABSTRACT: This paper develops an empirical profile of BGP prefix announcements that originate from multiple ASes, so-called MOAS announcements. Analysis of Oregon RouteViews data over one year shows that a small fraction of prefixes are responsible for a very large fraction of all origin AS transitions observed at RouteViews. Moreover, these heavy-hitter prefixes oscillated between two origin ASes. The prevalence of this behavior indicates that a clear profile of its characteristics will inform a larger understanding of MOASes and ultimately BGP. The central contribution of this paper is a detailed analysis of these MOAS multihoming oscillations at different time scales. We empirically derive a model of AS disturbance periods during which the origin AS observed oscillates with heavy tailed holding times. We demonstrate that these disturbances arrive according to a Poisson process. We also show that the update stream within these disturbances exhibits long range dependence. Using simulations, and physical-based modeling of events at origin to drive these simulations, we demonstrate that heavy-tailed oscillation at the origin is a possible explanation for our observations (while the complex interplay of the BGP protocol and network topology is not such an explanation). Comparison with BGP beacon data verifies our simulations that discrete and singular events at the origin do not generate heavy-tailed oscillations at the viewpoint. In sum, we find that AS oscillations driven by heavy-tailed oscillations between different multihomed providers are a widespread and important BGP phenomenon with complex but recognizable signatures such as heavy-tailed holding times and long-range dependence.

