Accountable Internet Protocol (AIP)

This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the corresponding entity. We discuss how AIP enables simple solutions to source spoofing, denial-of-service, route hijacking, and route forgery. We also discuss how AIP's design meets the challenges of scaling, key management, and traffic engineering.
