Martin Suchara will present his research seminar/general exam on Monday January 21 at 1PM in Room 402. The members of his committee are: Jennifer Rexford (advisor), Larry Peterson, and David August. Everyone is invited to attend his talk, and those faculty wishing to remain for the oral exam following are welcome to do so. His abstract and reading list follow below.
Securing Interdomain Routing in Small Groups
Although the Internet's routing system has serious security vulnerabilities, none of the existing proposals for a secure variant of BGP has been successfully deployed in practice. This is not surprising since deploying protocols that require the cooperation of tens of thousands of independently operated networks is problematic. Instead, we argue that small groups should be the basis for securing BGP. We offer a new design in which interdomain routing is secured by as few as 5–10 participating ASes, adding to the effort to secure BGP incrementally. The existence of well-accepted cryptographic protocols that secure the integrity and confidentiality of data delivery allows us to focus primarily on securing the availability of communication.
We conduct extensive simulations on a realistic Internet topology, and identify conditions for small groups to be effective. Even though the non-participants outnumber the group members by several orders of magnitude, the participants can achieve remarkable security gains by filtering compromised interdomain routes, cooperating to expose additional path diversity, inducing non-participants to select valid routes, and enlisting a few large ISPs to participate. We also propose two novel mechanisms that the group members can employ to achieve these goals, namely secure overlay routing and the cooperative announcement of each other's address space.
Our experiments show that the proposed technique allows small groups to secure interdomain routing efficiently.
Reading List
Textbook:
[1] L. Peterson and B. Davie, Computer Networks: A Systems Approach, 3rd edition, Morgan Kaufmann Publishers, May 2003.
Research papers:
[1] D. Clark, "The design philosophy of the DARPA Internet protocols," ACM SIGCOMM Computer Communication Review, Vol. 18, No. 4, pp. 106-114, Aug. 1988.
[2] L. Gao, "On inferring autonomous systems relationships in the Internet," IEEE/ACM Transactions on Networking, Vol. 9, No. 6, pp. 733-745, Dec. 2001.
[3] O. Nordstrom and C. Dovrolis, "Beware of BGP attacks," ACM SIGCOMM Computer Communication Review, Vol. 34, No. 2, pp. 1-8, Apr. 2004.
[4] R. White, "Securing BGP through secure origin BGP," The Internet Protocol Journal, Vol. 6, No. 3, pp. 15-22, Sep. 2003.
[5] S. Kent, C. Lynn, and K. Seo, "Secure Border Gateway Protocol (Secure-BGP)," IEEE Journal on Selected Areas in Communications, Vol. 18, No. 4, pp. 582-592, Apr. 2000.
[6] Y. Hu, A. Perrig, and M. Sirbu, "SPV: Secure path vector routing for securing BGP," ACM SIGCOMM Computer Communication Review, Vol. 34, No. 4, pp. 179-192, Aug. 2004.
[7] H. Chan, D. Dash, A. Perrig, and H. Zhang, "Modeling adoptability of secure BGP protocols," ACM SIGCOMM Computer Communication Review, Vol. 36, No. 4, pp. 279-290, Aug. 2006.
[8] J. Karlin, S. Forrest, and J. Rexford, "Pretty Good BGP: Improving BGP by cautiously adopting routes," in Proc. IEEE International Conference on Network Protocols, pp. 290-299, Nov. 2006.
[9] D. Wendlandt, I. Avramopoulos, D. Andersen, and J. Rexford, "Don't secure routing protocols, secure data delivery," in Proc. ACM SIGCOMM HotNets Workshop, Nov. 2006.
[10] D. Andersen, H. Balakrishnan, F. Kaashoek, and R. Morris, "Resilient overlay networks," in Proc. 18th ACM Symposium on Operating System Principles, Vol. 35, No. 5, pp. 131-145, Oct. 2001.