Incrementally Deployable Secure Interdomain Routing
Description
The Internet's interdomain routing system is notoriously vulnerable to
malicious attacks and configuration mistakes. Proposals for a secure
interdomain-routing protocol have been stymied, at least in part, by
the inability to have a "flag day" on which routers throughout the
Internet upgrade to the new protocol. In this project, we investigate
incrementally deployable techniques for improving interdomain
routing security, building on the Routing
Control Platform (RCP) that selects routes on behalf of each
router in a network, while remaining backwards compatible with the
legacy equipment. The RCP provides a natural place to run
anomaly-detection algorithms (to avoid selecting suspicious routes),
apply network-wide routing policies, and upgrade a network to a more
secure routing protocol.
Publications
Data-plane monitoring robust to adversaries
- Sharon Goldberg, David Xiao, Eran Tromer, Boaz Barak and Jennifer Rexford,
"Path-quality monitoring in the
presence of adversaries," Proc. ACM SIGMETRICS, June 2008
(full version,
Sharon's talk).
A related paper,
published at EUROCRYPT'08, focuses on failure localization in the
presence of adversaries.
- Sharon Goldberg and Jennifer Rexford,
"Security vulnerabilities and
solutions for packet sampling," invited paper, Proc. IEEE
Sarnoff Symposium, April/May 2007.
- Ioannis Avramopoulos and Jennifer Rexford,
"Stealth probing: Efficient data-plane
security for IP routing," USENIX Annual Technical Conference,
May/June 2006 (Yannis' slides). A
longer version, including the design and evaluation of our prototype
implementation, appears as:
"Counteracting
discrimination against network traffic," Princeton University
Computer Science Technical Report TR-794-07, August 2007.
Secure and robust interdomain routing
- Josh Karlin, Stephanie Forrest, and Jennifer Rexford, "Autonomous security for Autonomous
Systems," to appear in Computer Networks, special issue on Complex
Computer and Communications Networks. The journal paper extends our previous
work: "Pretty Good BGP: Improving BGP by cautiously
adopting routes," Proc. IEEE International Conference on Network
Protocols, November 2006. Josh gave a NANOG presentation on
"Pretty Good BGP and the Internet Alert Registry,"
June 2006 (see also the
NANOG talk
questions,
June 2006
NANOG e-mail thread,
January 2006 NANOG e-mail thread).
- Ioannis Avramopoulos, Martin Suchara, and Jennifer Rexford,
"How
small groups can secure interdomain routing,"
Princeton University Computer Science Technical Report
TR-808-07, December 2007. An
earlier version
appeared at the CoNext poster session, December 2007.
We expand on the economic arguments for small groups in:
Ioannis Avramopoulos and Jennifer Rexford,
"A pluralist approach to interdomain
communication security," in Proc. NetEcon Workshop,
June 2007 (Yannis' slides).
- Elliott Karpilovsky and Jennifer Rexford,
"Using forgetful routing to control
BGP table size," in Proc. CoNext, December 2006
(Elliott's slides).
- Dan Wendlandt, Ioannis Avramopoulos, David G. Andersen, and Jennifer Rexford,
"Don't secure routing protocols, secure data
delivery," in Proc. HotNets, November 2006
(Dan's slides).
- Wen Xu and Jennifer Rexford,
"MIRO: Multi-path Interdomain ROuting,"
Proc. ACM SIGCOMM, September 2006
(talk,
discussion).
BGP anomaly detection
- Jian Zhang and Joan Feigenbaum,
"Finding highly
correlated pairs efficiently with powerful pruning,"
in Proc. ACM Conference on Information and Knowledge
Management, November 2006.
- Harlan Yu, Jennifer Rexford, and
Edward Felten, "A distributed reputation
approach to cooperative Internet routing protection,"
Proc. Workshop on Secure Network Protocols, November 2005
(Harlan's slides).
- Jian Zhang, Jennifer Rexford, and Joan Feigenbaum,
"Learning-based anomaly detection in
BGP updates," Proc. ACM SIGCOMM MineNet workshop, August 2005
(Jian's slides).
A longer version is available as
Yale University Technical Report YALEU/DCS/TR-1318,
April 2005.
- Jian Wu, Z. Morley Mao, Jennifer Rexford, and Jia Wang,
"Finding a needle in a haystack:
Pinpointing significant BGP routing changes in an IP network,"
Proc. Networked Systems Design and Implementation, May 2005
(ppt slides).
- Nick Feamster, Z. Morley Mao, and Jennifer Rexford,
"BorderGuard: Detecting cold potatoes
from peers,"
in Proc. Internet Measurement Conference, October 2004
(Nick's NANOG
presentation).
Interdomain routing policy
- Joan Feigenbaum, Michael Schapira, and Scott Shenker,
"Distributed algorithmic mechanism design,"
in Algorithmic Game Theory, Cambridge University Press, 2007.
- Joan Feigenbaum, Vijay Ramachandran, and Michael Schapira,
"Incentive-compatible
interdomain routing,"
in Proc. ACM Conference on Electronic Commerce, pp. 130-139, 2006.
- Matt Caesar and Jennifer Rexford,
"BGP routing policies in ISP networks,"
IEEE Network Magazine, special issue on interdomain routing,
November/December 2005.
An earlier version appears as UC Berkeley Technical Report UCB/CSD-05-1377,
March 2005.
Privacy, anonymity, and accountability
- Felipe Saint-Jean, Aaron Johnson, Dan Boneh, and Joan Feigenbaum,
"Private
Web search," in Proc. ACM Workshop on Privacy of Electronic Society,
October 2007.
- Joan Feigenbaum, Aaron Johnson, and Paul Syverson,
"Probabilistic
analysis of onion routing in a black-box model,"
in Proc. ACM Workshop on Privacy of Electronic Society,
October 2007.
People
Collaborators
Funding
The project is funded by a grant from the Department of Homeland
Security (HSARPA). Dan Wendlandt's summer internship was funded
by the DHS Fellows program.