Information & Resources
Research
Security in Interdomain Routing
The Internet is a collection of many disparate networks, or autonomous systems (ASes) connected together. In order to reach hosts outside the local AS, the Border Gateway Protocol (BGP) is required; it is responsible for routing packets to their destination throughout the Internet. BGP is essential to the Internet's operation, but there are few security guarantees, with global ramifications. Central to the security problems with BGP are the lack of origin authentication and path authentication, the inability to attest to the source of a route advertisement and the correct path to a destination, respectively.
We have devised cryptographic constructions that allow for real-time origin authentication, previously thought to be untenable. Additionally, our cryptographic structures for path authentication (shown above) reduce the number of signature validations -- the most costly cryptographic operation associated with the authentication operation -- by up to 95 per cent over currently accepted solutions.
Related Publications
Kevin Butler, William Aiello, and Patrick McDaniel. Optimizing BGP Security by Exploiting Path Stability. Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS'06), November 2006.
Patrick McDaniel, William Aiello, Kevin Butler, and John
Ioannidis.
Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer
Rexford.
William Aiello, John Ioannidis, and Patrick McDaniel.
Geoff Goodell, William Aiello, Tim Griffin, John Ioannidis, Patrick McDaniel,
and Avi Rubin.
NSRC | CSE | Penn State | Contact Us | Copyright 2010 SIIS Lab