[talks] Martin Suchara General Exam

Tue Jan 15 13:29:30 EST 2008

Martin Suchara will present his research seminar/general exam on Monday January 21 at 

1PM in Room 402.  The members of his committee are:  Jennifer Rexford (advisor), Larry 

Peterson, and David August.  Everyone is invited to attend his talk, and those faculty
wishing 

to remain for the oral exam following are welcome to do so.  His abstract and reading list

follow below.

Securing Interdomain Routing in Small Groups

Although the Internet's routing system has serious security vulnerabilities, none of the
existing proposals for a secure variant of BGP has been successfully deployed in practice.
This is not surprising since deploying protocols that require the cooperation of tens of
thousands of independently-operated networks is problematic. Instead, we argue that small
groups should be the basis for securing BGP. We offer a new design in which interdomain
routing is secured by as few as 5-10 participating ASes, adding to the effort to secure
BGP incrementally. Existence of well accepted cryptographic protocols that secure
integrity and confidentiality of data delivery allows us to focus primarily on securing
availability of communication.

We conduct extensive simulations on a realistic Internet topology, and identify conditions
for small groups to be effective.  Even though the non-participants outnumber the group
members by several orders of magnitude, the participants can achieve remarkable security
gains by filtering compromised interdomain routes, cooperating to expose additional path
diversity, inducing non-participants to select valid routes, and enlisting a few large
ISPs to participate.  We also propose two novel mechanisms that the group members can
employ to achieve these goals, namely secure overlay routing and the cooperative
announcement of each other's address space. 

Our experiments show that the proposed technique allows small groups to secure interdomain
routing efficiently.

Reading List

Textbook:

[1]       L. Peterson, and B. Davie, Computer Networks: A Systems Approach, 3rd edition,
Morgan Kaufmann Publishers, May 2003.

Research papers:

[1]       D. Clark, "The design philosophy of the DARPA Internet protocols," ACM SIGCOMM
Computer Communication Review, Vol. 18, No. 4, pp. 106-114, Aug. 1988.

[2]       L. Gao, "On inferring autonomous systems relationships in the Internet,"
IEEE/ACM Transactions on Networking, Vol. 9, No. 6, pp. 733-745, Dec. 2001.

[3]       O. Nordstrom, and C. Dovrolis, "Beware of BGP attacks," ACM SIGCOMM Computer
Communication Review, Vol. 34, No. 2, pp. 1-8, Apr. 2004.

[4]       R. White, "Securing BGP through secure origin BGP," The Internet Protocol
Journal, Vol. 6, No. 3, pp. 15-22, Sep. 2003.

[5]       S. Kent, C. Lynn, and K. Seo, "Secure Border Gateway Protocol (Secure-BGP),"
IEEE Journal on Selected Areas in Communications, Vol. 18, No. 4, pp. 582-592, Apr. 2000.

[6]       Y. Hu, A. Perrig, and M. Sirbu, "SPV: Secure path vector routing for securing
BGP," ACM SIGCOMM Computer Communication Review, Vol. 34, No. 4, pp. 179-192, Aug. 2004.

[7]       H. Chan, D. Dash, A. Perrig, and H. Zhang, "Modeling adoptability of secure BGP
protocols," ACM SIGCOMM Computer Communication Review, Vol. 36, No. 4, pp. 279-290, Aug.
2006.

[8]       J. Karlin, S. Forrest, and J. Rexford, "Pretty Good BGP: Improving BGP by
cautiously adopting routes," in Proc. IEEE International Conference on Network Protocols,
pp. 290-299, Nov. 2006.

[9]       D. Wendlandt, I. Avramopoulos, D. Andersen, and J. Rexford, "Don't secure
routing protocols, secure data delivery," in Proc. ACM SIGCOMM HotNets Workshop, Nov.
2006.

[10]     D. Andersen, H. Balakrishnan, F. Kaashoek, and R. Morris, "Resilient overlay
networks," in Proc. 18th ACM Symposium on Operating System Principles, Vol. 35, No. 5, pp.
131-145, Oct. 2001.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cs.princeton.edu/pipermail/talks/attachments/20080115/c545f017/attachment-0001.htm 