Incrementally Deployable Secure Interdomain Routing

Description | Publications | People | Collaborators | Funding


The Internet's interdomain routing system is notoriously vulnerable to malicious attacks and configuration mistakes. Proposals for a secure interdomain-routing protocol have been stymied, at least in part, by the inability to have a "flag day" on which routers throughout the Internet upgrade to the new protocol. In this project, we investigate incrementally deployable techniques for improving interdomain routing security, building on the
Routing Control Platform (RCP) that selects routes on behalf of each router in a network, while remaining backwards compatible with the legacy equipment. The RCP provides a natural place to run anomaly-detection algorithms (to avoid selecting suspicious routes), apply network-wide routing policies, and upgrade a network to a more secure routing protocol.


Survey papers on BGP security

Secure interdomain routing

Data-plane monitoring robust to adversaries

Better security through multipath routing

Preventing memory exhaustion in BGP-speaking routers

BGP anomaly detection




The project is funded by a grant from the Department of Homeland Security (HSARPA). Dan Wendlandt's summer internship was funded by the DHS Fellows program.