
Internet Security in Interdomain Routing
Abstract
The Internet is a collection of many disparate networks, or autonomous systems (ASes), connected together. To reach hosts outside the local AS, the Border Gateway Protocol (BGP) is required; it is responsible for routing packets to their destination throughout the Internet. BGP is essential to the Internet's operation, but it offers few security guarantees, and its weaknesses have global ramifications. Central to the security problems with BGP are the lack of origin authentication and the lack of path authentication: respectively, the inability to attest to the source of a route advertisement and the inability to attest to the correct path to a destination.
Application to Homeland Security
Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication; there is no way to validate claims of address ownership or location. The lack of such services not only enables attacks by malicious entities, but also indirectly allows seemingly inconsequential misconfigurations to disrupt large portions of the Internet.
Technologies
We have devised cryptographic constructions that allow for real-time origin authentication, previously thought to be untenable. Additionally, our cryptographic structures for path authentication reduce the number of signature validations (the most costly cryptographic operation associated with the authentication operation) by up to 95 per cent over currently accepted solutions.
Publications/Talks
- Patrick McDaniel, William Aiello, Kevin Butler, and John Ioannidis. Origin Authentication in Interdomain Routing. Computer Networks, accepted for publication, 2006.
- William Aiello, Kevin Butler, and Patrick McDaniel. Path Authentication in Interdomain Routing. Technical Report NAS-TR-0002-2004, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA, December 2004. Revised May 2005.
- Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer Rexford. A Survey of BGP Security Issues and Solutions. Technical Report TD-5UGJ33, AT&T Labs - Research, Florham Park, NJ, February 2004. Revised June 2004.
Contact the Investigators
Patrick McDaniel, Computer Science and Engineering