Origin authentication in interdomain routing

Computer Science and Engineering, Pennsylvania State University, 344 IST Building, University Park, PA 16802, United States; Department of Computer Science, University of British Columbia, 201 Main Mall, Vancouver, Canada, BC V6T 1Z4; Center for Computational Learning Systems, Columbia University, 475 Riverside Ave, New York, NY 10115, United States
Computer Networks (Impact Factor: 1.23). 11/2003; DOI: 10.1016/j.comnet.2005.11.007
Source: CiteSeer

ABSTRACT Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication; there is no way to validate claims of address ownership or location. The lack of such services not only enables attacks by malicious entities, but also indirectly allows seemingly inconsequential misconfigurations to disrupt large portions of the Internet. This paper considers the semantics, design, and costs of origin authentication in interdomain routing. We formalize the semantics of address delegation and use on the Internet, and develop and characterize original, broad classes of origin authentication proof systems. We estimate the address delegation graph representing the current use of IPv4 address space using available routing data. This effort reveals that current address delegation is dense and relatively static: as few as 16 entities perform 80% of the delegation on the Internet. We conclude by evaluating the proposed services via trace-based simulation, which demonstrates that the enhanced proof systems can significantly reduce resource costs associated with origin authentication.

  • [Show abstract] [Hide abstract]
    ABSTRACT: This paper provides the provable-security treatment of path vector routing protocols. We first design a security definition for routing path vector protocols by studying, generalizing, and formalizing numerous known threats. Our model incorporates three major security goals. It is quite strong, yet simple to use. We prove by reduction that S-BGP satisfies two out of the security model's three goals, assuming the underlying signature scheme is secure. Under the same assumption, we next show how the protocol can be modified to meet all three security goals simultaneously. Finally, we study security of partial PKI deployment of path vector protocols when not all nodes have public keys. We investigate the possibilities of relaxing the PKI requirement and relying on the non-cryptographic physical security of the protocol in order to achieve possibly weaker, but still well-defined, notions of security. We also present the necessary and sufficient conditions to achieve full security in the partial PKI deployment scenario. We believe our conclusions will prove useful for protocol developers, standards bodies and government agencies.
    Proceedings of the 2012 ACM conference on Computer and communications security; 10/2012
  • Source
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: For the past several decades, work that develops and analyzes network routing protocols has assumed that each network node properly implements the algorithm that establishes routes through the network. However, there have been several instances in which a trivial misconfiguration in a single router's implementation of the routing algorithm induced undesirable routes within the majority of the network. Given the high likelihood of program error or sabotage in today's networks, there is an urgent need to develop techniques that allow properly- configured routers to identify anomalous behaviors of their misconfigured counterparts. In this paper, we describe our development of a general theory that examines routing protocols in environments where some misconfigured routers "misbehave" and (intentionally or unintentionally) issue inaccurate reports that shift routing paths in the network. Application of this theory allows a node to "sense" the presence of a misconfiguration in the network through an analysis of its routing state. We show, using the Distance Vector routing protocol as an example, how this theory can be applied to practical routing protocols. We also describe our plans for a practical tool based on this theory that can be used by network administrators to detect anomalies.


Available from