To address the serious challenges in scalability, stability and security facing the global routing infrastructure today, we propose a new routing architecture, SIRA, which separates Internet providers and customers to different address and routing spaces. This separation insulates the core routing infrastructure from the growth, dynamics and security threats generated by edge customers, promotes site multi-homing by eliminating provider-dependent addresses, and provides multi-homed customers an explicit channel to express their preferences among their providers. We also identify the major challenges in engineering the proposed separation, namely how to design a robust and secure mapping service, and how to bridge the two separate routing spaces.
2006
Today's Internet routing architecture faces many challenges, ranging from scaling problems, security threats, poor fault diagnosis to inadequate support for traffic engineering and customer multihoming.
IEEE Journal on Selected Areas in Communications, 2000
The locator/identifier split is a design principle for new routing architectures that make Internet routing more scalable. To find the location of a host, it requires a mapping system that returns appropriate locators in response to map-requests for specific identifiers. In this paper, we propose FIRMS, a "Future Internet Routing Mapping System". It is fast, scalable, reliable, secure, and it is able to relay initial packets. We introduce its design, show how it deals with partial failures, explain its security concept, and evaluate its scalability.
2009
The Internet routing system plays an essential role of gluing together tens of thousands of individual networks to create a global data delivery substrate. Over the years many efforts have been devoted to securing the routing system and a plethora of solutions have been proposed. Yet none of the solutions has seen wide adoption in the operational Internet and the routing system security remains a serious concern.
arXiv (Cornell University), 2022
Adversaries can exploit inter-domain routing vulnerabilities to intercept communication and compromise the security of critical Internet applications. Meanwhile the deployment of secure routing solutions such as Border Gateway Protocol Security (BGPsec) and Scalability, Control and Isolation On Next-generation networks (SCION) is still limited. How can we leverage emerging secure routing backbones and extend their security properties to the broader Internet? We design and deploy an architecture to bootstrap secure routing. Our key insight is to abstract the secure routing backbone as a virtual Autonomous System (AS), called Secure Backbone AS (SBAS). While SBAS appears as one AS to the Internet, it is a federated network where routes are exchanged between participants using a secure backbone. SBAS makes BGP announcements for its customers' IP prefixes at multiple locations (referred to as Points of Presence or PoPs) allowing traffic from non-participating hosts to be routed to a nearby SBAS PoP (where it is then routed over the secure backbone to the true prefix owner). In this manner, we are the first to integrate a federated secure non-BGP routing backbone with the BGP-speaking Internet. We present a real-world deployment of our architecture that uses SCIONLab to emulate the secure backbone and the PEERING framework to make BGP announcements to the Internet. A combination of real-world attacks and Internet-scale simulations shows that SBAS substantially reduces the threat of routing attacks. Finally, we survey network operators to better understand optimal governance and incentive models.
IEEE Security & Privacy Magazine, 2006
Computer Networks, 2015
The Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol in the Internet, thus it plays a crucial role in current communications. Unfortunately, it was conceived without any internal security mechanism, and hence is prone to a number of vulnerabilities and attacks that can result in large scale outages in the Internet. In light of this, securing BGP has been an active research area since its adoption. Several security strategies, ranging from a complete replacement of the protocol up to the addition of new features in it, were proposed, but only minor tweaks have found the pathway to be adopted. More recently, the IETF Secure Inter-Domain Routing (SIDR) Working Group (WG) has put forward several recommendations to secure BGP. In this paper, we survey the efforts of the SIDR WG, including the Resource Public Key Infrastructure (RPKI), Route Origin Authorizations (ROAs), and BGP Security (BGPSEC), for securing the BGP protocol. We also discuss the post SIDR inter-domain routing unresolved security challenges along with the deployment and adoption challenges of SIDR's proposals. Furthermore, we shed light on future research directions in managing the broader security issues in inter-domain routing. The paper is targeted to readers from the academic and industrial communities that are not only interested in an updated article accounting for the recent developments made by the Internet standardization body toward securing BGP (i.e., by the IETF), but also for an analytical discussion about their pros and cons, including promising research lines as well.
Mobile Networks and Applications, 2011
This paper studies the effect of disaggregation on the size of the routing table in the Internet's Default Free Zone (DFZ). Current practices for traffic balancing and protection against prefix hijacking in the Internet are based on disaggregating prefixes that cause an increase in size of the Internet's core routing table. I propose an algorithm to assess their effect on
IEEE Network, 1999
In today's Internet, individuals, campuses, and organizations obtain IP connectivity from transit providers. Internet interprovider routing is governed by bilateral traffic exchange agreements between providers. Such independently established policies can adversely impact the stability and analyzability of Internet routing. We describe an architecture for coordinating Internet routing policies. This architecture allows providers to publish high-level specifications of their policies, and to analyze the effects of their policies on Internet routing. Several pieces of the architecture have been implemented and are in production use; we also discuss the experiences gleaned from these deployments.
IEEE/ACM Transactions on Networking, 2008
Designing infrastructures that give untrusted third parties (such as end-hosts) control over routing is a promising research direction for achieving flexible and efficient communication. However, serious concerns remain over the deployment of such infrastructures, none less than the new security vulnerabilities they introduce. The flexible control plane of these infrastructures can be exploited to launch many types of powerful attacks with little effort. In this paper, we make several contributions towards studying security issues in forwarding infrastructures. We present a general model for a forwarding infrastructure, analyze potential security vulnerabilities, and present techniques to address these vulnerabilities. The main technique that we introduce in this paper is the use of simple, lightweight, cryptographic constraints on forwarding entries. We show that it is possible to prevent a large class of attacks on end-hosts, and bound the flooding attacks that can be launched on the infrastructure nodes to a small constant value. Our mechanisms are general and apply to a variety of earlier proposals such as i3, DataRouter and Network Pointers.
IEEE/ACM Transactions on Networking, 2000
In today's Internet, inter-domain route control remains elusive; nevertheless, such control could improve the performance, reliability, and utility of the network for end users and ISPs alike. While researchers have proposed a number of source routing techniques to combat this limitation, there has thus far been no way for independent ASes to ensure that such traffic does not circumvent local traffic policies, nor to accurately determine the correct party to charge for forwarding the traffic.
2010 IEEE Global Telecommunications Conference GLOBECOM 2010, 2010
ACM SIGCOMM Computer Communication Review, 2013
it - Information Technology, 2009
IEEE/ACM Transactions on Networking, 2010
Under Submission, April, 2005
Dagstuhl Reports, 2015
Performance Evaluation and Planning Methods for the Next Generation Internet, 2005
Library Collections Acquisitions & Technical Services, 2002
IEEE Communications Surveys & Tutorials, 2011