Secure and Policy-Compliant Source Routing

In today's Internet, inter-domain route control remains elusive; nevertheless, such control could improve the performance, reliability, and utility of the network for end users and ISPs alike. While researchers have proposed a number of source routing techniques to combat this limitation, there has thus far been no way for independent ASes to ensure that such traffic does not circumvent local traffic policies, nor to accurately determine the correct party to charge for forwarding the traffic. We present Platypus, an authenticated source routing system built around the concept of network capabilities, which allow for accountable, fine-grained path selection by cryptographically attesting to policy compliance at each hop along a source route. Capabilities can be composed to construct routes through multiple ASes and can be delegated to third parties. Platypus caters to the needs of both end users and ISPs: users gain the ability to pool their resources and select routes other than the default, while ISPs maintain control over where, when, and whose packets traverse their networks. We describe the design and implementation of an extensive Platypus policy framework that can be used to address several issues in wide-area routing at both the edge and the core, and evaluate its performance and security. Our results show that incremental deployment of Platypus can achieve immediate gains.
