Origin authentication in interdomain routing

Center for Computational Learning Systems, Columbia University, 475 Riverside Ave, New York, NY 10115, United States
Computer Networks (Impact Factor: 1.28). 11/2003; DOI: 10.1016/j.comnet.2005.11.007
Source: DBLP

ABSTRACT Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication; there is no way to validate claims of address ownership or location. The lack of such services not only enables attacks by malicious entities, but also indirectly allows seemingly inconsequential misconfigurations to disrupt large portions of the Internet. This paper considers the semantics, design, and costs of origin authentication in interdomain routing. We formalize the semantics of address delegation and use on the Internet, and develop and characterize original, broad classes of origin authentication proof systems. We estimate the address delegation graph representing the current use of IPv4 address space using available routing data. This effort reveals that current address delegation is dense and relatively static: as few as 16 entities perform 80% of the delegation on the Internet. We conclude by evaluating the proposed services via trace-based simulation, which demonstrates that the enhanced proof systems can significantly reduce resource costs associated with origin authentication.

  • Source
    • "There are detailed best practices and recommendations [59], which can be used as a first line of defense in mitigating the BGP anomalies, but even after such countermeasures, BGP remains vulnerable to some major attacks related to the authenticity and integrity of the exchanged information, stemming from the implicit trust model and the lack of intrinsic security mechanisms in BGP. As a result, several security mechanisms and protocols have been proposed during the past decade or so [60] [61] [62] [63] [64] [65] [66] [67] [68] [69] [70] [71] [72] [73] [74] [75] [76] [77] [78] [79] [80] [81], suggesting from small changes up to the complete replacement of the BGP protocol. Despite these efforts, only minor tweaks have finally reached an operational status in practice."
    ABSTRACT: The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol in the Internet, thus it plays a crucial role in current communications. Unfortunately, it was conceived without any internal security mechanism, and hence is prone to a number of vulnerabilities and attacks that can result in large scale outages in the Internet. In light of this, securing BGP has been an active research area since its adoption. Several security strategies, ranging from a complete replacement of the protocol up to the addition of new features in it were proposed, but only minor tweaks have found the pathway to be adopted. More recently, the IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) has put forward several recommendations to secure BGP. In this paper, we survey the efforts of the SIDR WG including the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), for securing the BGP protocol. We also discuss the post SIDR inter-domain routing unresolved security challenges along with the deployment and adoption challenges of SIDR’s proposals. Furthermore, we shed light on future research directions in managing the broader security issues in inter-domain routing. The paper is targeted to readers from the academic and industrial communities that are not only interested in an updated article accounting for the recent developments made by the Internet standardization body toward securing BGP (i.e., by the IETF), but also for an analytical discussion about their pros and cons, including promising research lines as well.
    Computer Networks 02/2015; 80. DOI:10.1016/j.comnet.2015.01.017 · 1.28 Impact Factor
  • Source
    • "For example, the secure border gateway protocol (S-BGP) [38] makes use of public key encryption to authenticate route announcements, but the computational costs it incurs are seen as prohibitive. Motivated by this, a great deal of research has investigated how to optimize such costs [36] [34] [1]. A quite recent work [73] in this line has proposed a routing control platform that does not require cooperation among domains."
    ABSTRACT: The provision of content confidentiality via message encryption is by no means sufficient when facing the significant privacy risks present in online communications. Indeed, the privacy literature abounds with examples of traffic analysis techniques aimed to reveal a great deal of information, merely from the knowledge, even if probabilistic, of who is communicating with whom, when, and how frequently. Anonymous-communication systems emerge as a response against such traffic analysis threats. Mixes, and in particular threshold pool mixes, are a building block of anonymous communications systems. These are nodes that receive, store, reorder and delay messages in batches. However, the anonymity gained from the statistical difficulty to link incoming and outgoing messages comes at the expense of introducing a potentially costly delay in the delivery of those messages. In this paper we address the design of such mixes in a systematic fashion, by defining quantitative measures of both anonymity and delay, and by mathematically formalizing practical design decisions as a multiobjective optimization problem. Our extensive theoretical analysis finds the optimal mix parametrization and characterizes the optimal trade-off between the contrasting aspects of anonymity and delay, for two information-theoretic measures of anonymity. Experimental results show that mix optimization may lead to substantial delay reductions for a desirable level of anonymity.
    Computer Networks 07/2014; 16:180-200. DOI:10.1016/j.comnet.2014.04.007 · 1.28 Impact Factor