Project homepage: Mitigating Exploits of the Current Interdomain Routing Infrastructure

Mitigating Exploits of the Current Interdomain Routing Infrastructure

Collaborative research supported by the NSF Cyber Trust program through grants CNS-0753061 and CNS-0753492

Description

This project addresses fundamental flaws in Internet-routing infrastructure using both theoretical analysis and practical tools. The results not only improve the security of the current Internet, but also advance principles of secure routing design useful for next-generation protocols. The project advocates a different approach than previous work in this area by formally defining comprehensive requirements for protocol security, rather than imposing new technologies to address one or two specific exploits.

The Border Gateway Protocol (BGP) provides best-effort connectivity between the component networks of the Internet, a task called interdomain routing. However, BGP lacks any security mechanism, allowing accidental router misconfiguration or intentional attacks that have far-reaching effects on network stability and traffic flow. Furthermore, simply adding security mechanisms is insufficient because BGP also lacks the guarantee that specification-compliant inputs always produce stable routes across the network.

This project addresses these shortcomings through research on various assumptions that guarantee good routing behavior and on methods to verify or enforce these assumptions to prevent deviation from that behavior. We identify and address attacks that have previously been studied as well as new attacks that have not yet received attention in the literature. We target incremental-deployment benefits and computational efficiency as primary desiderata; thus, our solutions can offer incentives for immediate adoption without system-wide changes. Through its educational component, our project introduces students to cross-disciplinary research. This encourages collaboration in research projects and allows development of coursework integrating security, networking, and theory for a timely application domain.

People

Senior Personnel

Aaron D. Jaggard (PI, DIMACS, Rutgers University)
Vijay Ramachandran (co-PI, CS, Colgate University)
Rebecca N. Wright (PI, DIMACS and CS, Rutgers University)

Collaborators

Bruno Blanchet, Sharon Goldberg, Shai Halevi, Andre Scedrov, Joe-Kai Tsay

Preprints and papers

Aaron D. Jaggard, Vijay Ramachandran, and Rebecca N. Wright, "Communication Models and Their Impact on Routing-Algorithm Behavior"
- DIMACS Technical Report 2008-06 (in preparation)
Sharon Goldberg, Shai Halevi, Aaron D. Jaggard, Vijay Ramachandran, and Rebecca N. Wright, "Rationality and Traffic Attraction: Incentives for Honest Path Announcements in BGP"
- Proceedings of SIGCOMM 2008 (to appear)
- Princeton CS Technical Report TR-823-08 (in preparation)
Aaron D. Jaggard, Vijay Ramachandran, and Rebecca N. Wright, "Towards a Realistic Model of Incentives in Interdomain Routing: Decoupling Forwarding from Signaling"
- DIMACS Technical Report 2008-02 (Version of 2008-04-27, 37 page pdf)
Bruno Blanchet, Aaron D. Jaggard, Andre Scedrov, and Joe-Kai Tsay, "Computationally Sound Mechanized Proofs for Basic and Public-key Kerberos"
- Proceedings of ASIACCS 2008, pp. 87--99 (2008). doi:10.1145/1368310.1368326

Talks

Towards a Realistic Model of Incentives in Interdomain Routing: Decoupling Forwarding from Signaling
- Presented at the DIMACS/DyDAN Workshop on Secure Internet Routing, 26 March 2008 (pdf slides)

Posters

A more realistic model of incentives for routing (pdf poster)
- Presented at the 2008 NSF Cyber Trust PI Meeting, 16--18 March 2008