Authors : David G. Andersen , Hari Balakrishnan , Nick Feamster , Teemu Koponen , Daekyeong Moon , Scott Shenker Authors Info & Claims
Pages 339 - 350 Published : 17 August 2008 Publication History 239 citation 2,012 Downloads Total Citations 239 Total Downloads 2,012 Last 12 Months 107 Last 6 weeks 2 Get Citation AlertsThis alert has been successfully added and will be sent to: You will be notified whenever a record that you have chosen has been cited.
To manage your alert preferences, click on the button below. Manage my AlertsThis paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the corresponding entity. We discuss how AIP enables simple solutions to source spoofing, denial-of-service, route hijacking, and route forgery. We also discuss how AIP's design meets the challenges of scaling, key management, and traffic engineering.
D. Andersen, H. Balakrishnan, N. Feamster, T. Koponen, D. Moon, and S. Shenker. Holding the Internet accountable. In Proc. 6th ACM Workshop on Hot Topics in Networks (Hotnets-VI), Nov. 2007.
APNIC. The APNIC Resource Certification Page. http://mirin.apnic.net/resourcecerts/.K. Argyraki and D. R. Cheriton. Active Internet traffic filtering: Real-time response to denial-of-service attacks. In Proc. USENIX Annual Technical Conference, Apr. 2005.
T. Aura. Cryptographically Generated Addresses (CGA). Internet Engineering Task Force, Mar. 2005. RFC 3972.
R. Beverly and S. Bauer. The Spoofer project: Inferring the extent of source address filtering on the Internet. In Proc. SRUTI Workshop, July 2005.
CNET News.com. Router Glitch Cuts Net Access. http://news.com.com/2100-1033-279235.html, Apr. 1997.Z. Duan, X. Yuan, and J. Chandrashekar. Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates. In Proc. IEEE INFOCOM, Mar. 2006.
D. Farinacci, V. Fuller, D. Oran, and D. Meyer. Locator/ID Separation Protocol (LISP). Internet Engineering Task Force, Apr. 2008. Internet Draft (http://tools.ietf.org/html/draft-farinacci-lisp-07). Work in progress, expires October 2008.
P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. Internet Engineering Task Force, Jan. 1998. RFC 2267.
P. Ferguson and D. Senie. Network Ingress Filtering. Internet Engineering Task Force, May 2000. BCP 38, RFC 2827.
V. Fuller. Scaling issues with routing+multihoming, Feb. 2007. Plenary session at APRICOT, the Asia Pacific Regional Internet Conference on Operational Technologies.
G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin. Working around BGP: An incremental approach to improving security and accuracy in interdomain routing. In Proc. NDSS, Feb. 2003.
G. Huston, G. Michaelson, and R. Loomans. A Profile for Resource Certificate Repository Structure. Internet Engineering Task Force, June 2006. http://mirin.apnic.net/resourcecerts/project-notes/draft-ietf-sidr-repos-struct-00.html.
J. Karlin, S. Forrest, and J. Rexford. Pretty Good BGP: Protecting BGP by cautiously selecting routes. Technical report, University of New Mexico, Oct. 2005. TR-CS-2005-37.
F. Kastenholz. ISLAY: A New Routing and Addressing Architecture. Internet Engineering Task Force, May 2002. http://ietfreport.isoc.org/idref/draft-irtf-routing-islay/.
S. Kent and R. Atkinson. Security Architecture for the Internet Protocol. Internet Engineering Task Force, Nov. 1998. RFC 2401.
S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (S-BGP). IEEE JSAC, 18 (4): 582--592, Apr. 2000.
T. Killalea. Internet Service Provider Security Services and Procedures. Internet Engineering Task Force, Nov. 2000. RFC 3013.
D. Krioukov, kc claffy, K. Fall, and A. Brady. On Compact Routing for the Internet. ACM Computer Communications Review, 37 (3): 41--52, July 2007.
M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang. AS: A prefix hijack alert system. In Proc. 15th USENIX Security Symposium, Aug. 2006.
J. Leskovec, J. Kleinberg, and C. Faloutsos. Graphs over time: Densification laws, shrinking diameters and possible explanations. In Proc. 11th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Aug. 2005.
J. Li, R. Bush, Z. M. Mao, T. Griffin, M. Roughan, D. Stutzbach, and E. Purpus. Watching data streams toward a multi-homed sink under routing changes introduced by a BGP beacon. In Passive & Active Measurement (PAM), Mar. 2006.
X. Liu, X. Yang, D. Wetherall, and A. Li. Passport: Secure and Adoptable Source Authentication. In Proc. 5th USENIX NSDI, Apr. 2008.
D. Mazières, M. Kaminsky, M. F. Kaashoek, and E. Witchel. Separating key management from file system security. In Proc. 17th ACM Symposium on Operating Systems Principles (SOSP), pages 124--139, Dec. 1999.
D. McCullagh. How Pakistan knocked YouTube offline. http://news.cnet.com/8301-10784_3-9878655-7.html, Feb. 2008.
D. Meyer, L. Zhang, and K. Fall. Report from the IAB Workshop on Routing and Addressing. Internet Engineering Task Force, Sept. 2007. RFC 4984.
R. Moskowitz and P. Nikander. Host Identity Protocol (HIP) Architecture. Internet Engineering Task Force, May 2006. RFC 4423.
M. Ohta. 8+8 Addressing for IPv6 End to End Multihoming, Jan. 2004. draft-ohta-multi6-8plus8-00 (Expired IETF Draft).
K. Park and H. Lee. On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law Internets. In Proc. ACM SIGCOMM, Aug. 2001.
A. Ramachandran and N. Feamster. Understanding the Network-Level Behavior of Spammers. In Proc. ACM SIGCOMM, Aug. 2006. An earlier version appeared as Georgia Tech TR GT-CSS-2006-001.
A. Ramachandran and N. Feamster. Understanding the network-level behavior of spammers. In Proc. ACM SIGCOMM, Aug. 2006.
Renesys. Renesys Routing Intelligence. http://www.renesys.com/products_services/routing_intelligence.shtml.
M. Shaw. Leveraging good intentions to reduce unwanted network traffic. In Proc. USENIX Steps to Reduce Unwanted Traffic on the Internet workshop, July 2006.
G. Siganos and M. Faloutsos. Analyzing BGP Policies: Methodology and Tool. In Proc. IEEE INFOCOM, Mar. 2004.
T. L. Simon. oof. panix sidelined by incompetence. again. http://merit.edu/mail.archives/nanog/2006-01/msg00483.html, Jan. 2006.
A. C. Snoeren and H. Balakrishnan. An end-to-end approach to host mobility. In Proc. ACM Mobicom, pages 155--166, Aug. 2000.
Spammer-X. Inside the SPAM Cartel. Syngress, 2004. Page 40. G. Varghese. Network Algorithmics. Morgan Kaufmann, 2007.P. Verkaik, A. Broido, kc claffy, R. Gao, Y. Hyun, and R. van der Pol. Beyond CIDR aggregation. Technical Report TR-2004-01, CAIDA, Feb. 2004.
Q. Vohra and E. Chen. BGP Support for Four-octet AS Number Space. Internet Engineering Task Force, May 2007. RFC 4893.
M. Walfish, J. Stribling, M. Krohn, H. Balakrishnan, R. Morris, and S. Shenker. Middleboxes no longer considered harmful. In Proc. 6th USENIX OSDI, Dec. 2004.
R. White. Securing BGP through secure origin BGP. The Internet Protocol Journal, 6 (3), Sept. 2003. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-3/ipj_6-3.pdf.
Q. Wu, Y. Liao, T. Wolf, and L. Gao. Benchmarking BGP routers. In Proc. IEEE International Symposium on Workload Characterization (IISWC), Sept. 2007.
X. Zhang, P. Francis, J. Wang, and K. Yoshida. Scaling IP routing with the core router-integrated overlay. In IEEE International Conference on Network Protocols (ICNP), Nov. 2006.
This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the .
Today's Internet makes hosts and individual networks inherently insecure because permanent addresses turn destinations into permanent attack targets. This paper describes an Evasive Internet Protocol (EIP), a change to the data plane of the Internet .
Currently, IP multicast and Explicit Multi-Unicast (Xcast) are two approaches for multicast communications. IP multicast is designed for large groups but is not scalable in terms of the group number because every router in a multicast tree needs to .
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Association for Computing Machinery
New York, NY, United States