Routing with Byzantine robustness

This paper describes how a network can continue to function in the presence of Byzantine failures. A Byzantine failure is one in which a node, instead of halting (as it would in a fail-stop failure), continues to operate, but incorrectly. It might lie about routing information, or perform the routing algorithm itself flawlessly but then fail to forward some class of packets correctly, or flood the network with garbage traffic. Our goal is to design a network so that as long as one nonfaulty path connects nonfaulty nodes A and B, they will be able to communicate, with some fair share of bandwidth, even if all the other components in the network are maximally malicious. We review work from 1988 that presented a network design that had that property, but required the network to be small enough that every router could keep state proportional to n^2, where n is the total number of nodes in the network. This would work for a network of size on the order of a thousand nodes, but to build a large network, we need to introduce hierarchy. This paper presents a new design, building on the original work, that works with hierarchical networks. This design not only defends against malicious routers but, because it guarantees fair allocation of resources, can also mitigate many other types of denial-of-service attacks.
