Incrementally Deployable Secure Interdomain Routing
The Internet's interdomain routing system is notoriously vulnerable to
malicious attacks and configuration mistakes. Proposals for a secure
interdomain-routing protocol have been stymied, at least in part, by
the inability to have a "flag day" on which routers throughout the
Internet upgrade to the new protocol. In this project, we investigate
incrementally deployable techniques for improving interdomain
routing security, building on the Routing
Control Platform (RCP) that selects routes on behalf of each
router in a network, while remaining backwards compatible with the
legacy equipment. The RCP provides a natural place to run
anomaly-detection algorithms (to avoid selecting suspicious routes),
apply network-wide routing policies, and upgrade a network to a more
secure routing protocol.
Survey papers on BGP security

- Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer Rexford,
  "A survey of BGP security issues and solutions," in Proceedings of the IEEE,
- Matt Caesar and Jennifer Rexford,
  "BGP routing policies in ISP networks,"
  IEEE Network Magazine, special issue on interdomain routing,
  Earlier version appears as UC Berkeley Technical Report UCB/CSD-05-1377,
Secure interdomain routing

- Andreas Haeberlen, Ioannis Avramopoulos, Jennifer Rexford, and Peter
  "NetReview: Detecting when interdomain routing goes wrong,"
  Proc. Networked Systems Design and Implementation, April 2009
  (Andreas Haeberlen's slides).
- Jennifer Rexford and Joan Feigenbaum,
  "Incrementally-deployable security for interdomain routing," extended abstract,
  Proc. Cybersecurity Applications and Technologies for Homeland Security, March 2009.
  This paper is a high-level overview of the project and results to
- Josh Karlin, Stephanie Forrest, and Jennifer Rexford,
  "Autonomous security for Autonomous Systems," Computer Networks, special issue on
  Complex Computer and Communications Networks, October 2008. The journal paper
  extends our previous work: "Pretty Good BGP: Improving BGP by cautiously adopting
  routes," Proc. IEEE International Conference on Network Protocols, November 2006.
  Josh gave a NANOG presentation on "Pretty Good BGP and the Internet Alert Registry,"
  June 2006 (see also the NANOG e-mail thread, January 2006 NANOG e-mail thread).
- Ioannis Avramopoulos, Martin Suchara, and Jennifer Rexford,
  small groups can secure interdomain routing,"
  Princeton University Computer Science Technical Report TR-808-07, December 2007.
  An appeared at the CoNext poster session, December 2007.
  We expand on the economic arguments for small groups in:
  Ioannis Avramopoulos and Jennifer Rexford,
  "A pluralist approach to interdomain communication security,"
  in Proc. NetEcon Workshop, June 2007 (Yannis' slides).
Data-plane monitoring robust to adversaries

- Sharon Goldberg, David Xiao, Eran Tromer, Boaz Barak, and Jennifer Rexford,
  "Path-quality monitoring in the presence of adversaries,"
  Proc. ACM SIGMETRICS, June 2008. A related paper, published at EUROCRYPT'08,
  focuses on failure localization in the presence of adversaries.
- Sharon Goldberg and Jennifer Rexford,
  "Security vulnerabilities and solutions for packet sampling," invited paper,
  Proc. IEEE Sarnoff Symposium, April/May 2007.
- Ioannis Avramopoulos and Jennifer Rexford,
  "Stealth probing: Efficient data-plane security for IP routing,"
  USENIX Annual Technical Conference, May/June 2006 (Yannis' slides).
  A longer version, including the design and evaluation of our prototype
  implementation, appears as:
  discrimination against network traffic," Princeton University
  Computer Science Technical Report TR-794-07, August 2007.
Better security through multipath routing

- Jiayue He and Jennifer Rexford,
  "Towards Internet-wide multipath routing," in IEEE Network Magazine, March 2008.
- Dan Wendlandt, Ioannis Avramopoulos, David G. Andersen, and Jennifer Rexford,
  "Don't secure routing protocols, secure data delivery," in Proc. HotNets, November 2006.
- Wen Xu and Jennifer Rexford,
  "MIRO: Multi-path Interdomain ROuting," Proc. ACM SIGCOMM, September 2006.
Preventing memory exhaustion in BGP-speaking routers

- Elliott Karpilovsky, Matthew Caesar, Jennifer Rexford, Aman Shaikh,
  and Kobus van der Merwe, "Practical network-wide compression of IP
  routing tables," in submission.
- Elliott Karpilovsky and Jennifer Rexford,
  "Using forgetful routing to control BGP table size," in Proc. CoNext, December 2006.
- Steve Bellovin, Randy Bush, Timothy G. Griffin, and Jennifer Rexford,
  "Slowing routing table growth by filtering based on address allocation policies,"
  June 2001.
BGP anomaly detection

- Jian Zhang and Joan Feigenbaum,
  correlated pairs efficiently with powerful pruning,"
  in Proc. ACM Conference on Information and Knowledge Management, November 2006.
- Harlan Yu, Jennifer Rexford, and Edward Felten,
  "A distributed reputation approach to cooperative Internet routing protection,"
  Proc. Workshop on Secure Network Protocols, November 2005.
- Jian Zhang, Jennifer Rexford, and Joan Feigenbaum,
  "Learning-based anomaly detection in BGP updates,"
  Proc. ACM SIGCOMM MineNet workshop, August 2005.
  A longer version is available as Yale University Technical Report YALEU/DCS/TR-1318,
- Jian Wu, Z. Morley Mao, Jennifer Rexford, and Jia Wang,
  "Finding a needle in a haystack: Pinpointing significant BGP routing changes
  in an IP network," Proc. Networked Systems Design and Implementation, May 2005.
- Nick Feamster, Z. Morley Mao, and Jennifer Rexford,
  "BorderGuard: Detecting cold potatoes
  in Proc. Internet Measurement Conference, October 2004.
The project is funded by a grant from the Department of Homeland
Security (HSARPA). Dan Wendlandt's summer internship was funded
by the DHS Fellows program.