IEEE Trans. Dependable Sec. Comput. 01/2011; 8:58-73.
IEEE Trans. Parallel Distrib. Syst. 01/2011; 22:1536-1549.
Computer Communications. 01/2010; 33:689-705.
ABSTRACT: The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol that connects autonomous systems (ASes). Despite
its importance for the Internet infrastructure, BGP is vulnerable to a variety of attacks due to lack of security mechanisms
in place. Many BGP security mechanisms have been proposed, however, none of them has been deployed because of either high
cost or high complexity. The right trade-off between efficiency and security has been ever challenging.
In this paper, we attempt to trade-off between efficiency and security by giving a little dose of trust to BGP routers. We
present a new flexible threat model that assumes for any path of length h, at least one BGP router is trustworthy, where h is a parameter that can be tuned according to security requirements. Based on this threat model, we present two new symmetric
key approaches to securing BGP: the centralized key distribution approach and the distributed key distribution approach. Comparing
our approaches to the previous SBGP scheme, our centralized approach has a 98% improvement in signature verification. Our
distributed approach has equivalent signature generation cost as in SBGP and an improvement of 98% in signature verification.
Comparing our approaches to the previous SPV scheme, our centralized approach has a 42% improvement in signature generation
and a 96% improvement in signature verification. Our distributed approach has a 90% improvement on signature generation cost
and a 95% improvement in signature verification cost. By combining our approaches with previous public key approaches, it
is possible to simultaneously provide an increased level of security and reduced computation cost.
10/2008: pages 82-96;
Computer Security - ESORICS 2008, 13th European Symposium on Research in Computer Security, Málaga, Spain, October 6-8, 2008. Proceedings; 01/2008
ABSTRACT: We focus on the problem of user revocation in secure adhoc networks. The current approach to achieve security in adhoc networks
is to use a secret instantiation protocol in which, each user is given a subset of secrets from a common secret pool. To communicate
securely, a pair of users use the secrets that are common to both of them. However, when users are compromised, some of these
secrets are also compromised. Hence, to revoke the compromised users, the secrets known to these users need to be updated.
Many group key management solutions exist for revocation of users from a group. However, due to the limitations in adhoc networks,
i.e., lack of efficient broadcast mechanisms and lossy links, revocation of users is a challenging problem. In this paper,
we propose a revocation algorithm that combines the secret instantiation protocols with group key management protocols. Depending
on the combination of protocols used, our revocation algorithm provides deterministic or probabilistic guarantees for revocation.
We illustrate our revocation algorithm by combining the square grid protocol and the logical key hierarchy protocol.
KeywordsSecure Adhoc Networks–User Revocation–Secret Instantiation Protocols–Group Key Management Protocols
12/2005: pages 377-388;
13th IEEE International Conference on Network Protocols (ICNP 2005), 6-9 November 2005, Boston, MA, USA; 01/2005
Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA; 01/2005
Distributed Computing and Internet Technology, First International Conference, ICDCIT 2004, Bhubaneswar, India, December 22-24, 2004, Proceedings; 01/2004
22nd International Conference on Distributed Computing Systems, Workshops (ICDCSW '02) July 2-5, 2002, Vienna, Austria, Proceedings; 01/2002