[talks] Martin Suchara General Exam
Melissa M Lawson
mml at CS.Princeton.EDU
Tue Jan 15 13:29:30 EST 2008
Martin Suchara will present his research seminar/general exam on Monday January 21 at
1PM in Room 402. The members of his committee are: Jennifer Rexford (advisor), Larry
Peterson, and David August. Everyone is invited to attend his talk, and those faculty
to remain for the oral exam following are welcome to do so. His abstract and reading list
Securing Interdomain Routing in Small Groups
Although the Internet's routing system has serious security vulnerabilities, none of the
existing proposals for a secure variant of BGP has been successfully deployed in practice.
This is not surprising since deploying protocols that require the cooperation of tens of
thousands of independently-operated networks is problematic. Instead, we argue that small
groups should be the basis for securing BGP. We offer a new design in which interdomain
routing is secured by as few as 5-10 participating ASes, adding to the effort to secure
BGP incrementally. Existence of well accepted cryptographic protocols that secure
integrity and confidentiality of data delivery allows us to focus primarily on securing
availability of communication.
We conduct extensive simulations on a realistic Internet topology, and identify conditions
for small groups to be effective. Even though the non-participants outnumber the group
members by several orders of magnitude, the participants can achieve remarkable security
gains by filtering compromised interdomain routes, cooperating to expose additional path
diversity, inducing non-participants to select valid routes, and enlisting a few large
ISPs to participate. We also propose two novel mechanisms that the group members can
employ to achieve these goals, namely secure overlay routing and the cooperative
announcement of each other's address space.
Our experiments show that the proposed technique allows small groups to secure interdomain
 L. Peterson, and B. Davie, Computer Networks: A Systems Approach, 3rd edition,
Morgan Kaufmann Publishers, May 2003.
 D. Clark, "The design philosophy of the DARPA Internet protocols," ACM SIGCOMM
Computer Communication Review, Vol. 18, No. 4, pp. 106-114, Aug. 1988.
 L. Gao, "On inferring autonomous systems relationships in the Internet,"
IEEE/ACM Transactions on Networking, Vol. 9, No. 6, pp. 733-745, Dec. 2001.
 O. Nordstrom, and C. Dovrolis, "Beware of BGP attacks," ACM SIGCOMM Computer
Communication Review, Vol. 34, No. 2, pp. 1-8, Apr. 2004.
 R. White, "Securing BGP through secure origin BGP," The Internet Protocol
Journal, Vol. 6, No. 3, pp. 15-22, Sep. 2003.
 S. Kent, C. Lynn, and K. Seo, "Secure Border Gateway Protocol (Secure-BGP),"
IEEE Journal on Selected Areas in Communications, Vol. 18, No. 4, pp. 582-592, Apr. 2000.
 Y. Hu, A. Perrig, and M. Sirbu, "SPV: Secure path vector routing for securing
BGP," ACM SIGCOMM Computer Communication Review, Vol. 34, No. 4, pp. 179-192, Aug. 2004.
 H. Chan, D. Dash, A. Perrig, and H. Zhang, "Modeling adoptability of secure BGP
protocols," ACM SIGCOMM Computer Communication Review, Vol. 36, No. 4, pp. 279-290, Aug.
 J. Karlin, S. Forrest, and J. Rexford, "Pretty Good BGP: Improving BGP by
cautiously adopting routes," in Proc. IEEE International Conference on Network Protocols,
pp. 290-299, Nov. 2006.
 D. Wendlandt, I. Avramopoulos, D. Andersen, and J. Rexford, "Don't secure
routing protocols, secure data delivery," in Proc. ACM SIGCOMM HotNets Workshop, Nov.
 D. Andersen, H. Balakrishnan, F. Kaashoek, and R. Morris, "Resilient overlay
networks," in Proc. 18th ACM Symposium on Operating System Principles, Vol. 35, No. 5, pp.
131-145, Oct. 2001.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the talks