A system for authenticated policy-compliant routing

Internet end users and ISPs alike have little control over how packets are routed outside of their own AS, restricting their ability to achieve levels of performance, reliability, and utility that might otherwise be attained. While researchers have proposed a number of source-routing techniques to combat this limitation, there has thus far been no way for independent ASes to ensure that such traffic does not circumvent local traffic policies, nor to accurately determine the correct party to charge for forwarding the traffic.We present Platypus, an authenticated source routing system built around the concept of network capabilities. Network capabilities allow for accountable, fine-grained path selection by cryptographically attesting to policy compliance at each hop along a source route. Capabilities can be composed to construct routes through multiple ASes and can be delegated to third parties. Platypus caters to the needs of both end users and ISPs: users gain the ability to pool their resources and select routes other than the default, while ISPs maintain control over where, when, and whose packets traverse their networks. We describe how Platypus can be used to address several well-known issues in wide-area routing at both the edge and the core, and evaluate its performance, security, and interactions with existing protocols. Our results show that incremental deployment of Platypus can achieve immediate gains.

[1]  David G. Andersen,et al.  Proceedings of Usits '03: 4th Usenix Symposium on Internet Technologies and Systems Mayday: Distributed Filtering for Internet Services , 2022 .

[2]  Abhijit Bose,et al.  Delayed Internet routing convergence , 2000, SIGCOMM.

[3]  Ratul Mahajan,et al.  Measuring ISP topologies with rocketfuel , 2002, SIGCOMM 2002.

[4]  Deborah Estrin,et al.  Security issues in policy routing , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[5]  Roger Wattenhofer,et al.  An inherent bottleneck in distributed counting , 1997, PODC '97.

[6]  Randy H. Katz,et al.  OPCA: robust interdomain policy routing and traffic control , 2003, 2003 IEEE Conference onOpen Architectures and Network Programming..

[7]  Hugo Krawczyk,et al.  UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.

[8]  Abhishek Kumar,et al.  Space-code bloom filter for efficient per-flow traffic measurement , 2004, IEEE INFOCOM 2004.

[9]  Yin Zhang,et al.  On selfish routing in Internet-like environments , 2003, IEEE/ACM Transactions on Networking.

[10]  Deborah Estrin,et al.  Visa protocols for controlling interorganizational datagram flow , 1989, IEEE J. Sel. Areas Commun..

[11]  David D. Clark,et al.  Policy routing in Internet protocols , 1989, RFC.

[12]  Stefan Savage,et al.  The end-to-end effects of Internet path selection , 1999, SIGCOMM '99.

[13]  Eric C. Rosen,et al.  Multiprotocol Label Switching Architecture , 2001, RFC.

[14]  Deborah Estrin,et al.  Source Demand Routing: Packet Format and Forwarding Specification (Version 1) , 1996, RFC.

[15]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[16]  Hui Zhang,et al.  LIRA: An Approach for Service Differentiation in the Internet , 1998 .

[17]  Alex C. Snoeren,et al.  Decoupling policy from mechanism in Internet routing , 2004, Comput. Commun. Rev..

[18]  Ratul Mahajan,et al.  The causes of path inflation , 2003, SIGCOMM '03.

[19]  Robert Tappan Morris,et al.  Resilient overlay networks , 2001, SOSP.

[20]  David L. Mills,et al.  A brief history of NTP time: memoirs of an Internet timekeeper , 2003, CCRV.

[21]  Scott Shenker,et al.  Internet indirection infrastructure , 2002, SIGCOMM 2002.

[22]  Geoff Huston,et al.  Commentary on Inter-Domain Routing in the Internet , 2001, RFC.

[23]  David Clark,et al.  Tussle in cyberspace: defining tomorrow's internet , 2002, SIGCOMM 2002.

[24]  David Wetherall,et al.  Preventing Internet denial-of-service with capabilities , 2004, Comput. Commun. Rev..

[25]  W. Norton,et al.  Internet Service Providers and Peering , 2001 .

[26]  Ratul Mahajan,et al.  Colt ? ? ? ? ? ? ◦ DTAG ? ◦ • ◦ ? ? ? ? ! ◦ ? ? ? ◦ ◦ ? ? Eqip ? ? ? ? ? ? , 2003 .

[27]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[28]  Xiaowei Yang,et al.  NIRA: a new Internet routing architecture , 2003, FDNA '03.

[29]  John Black,et al.  A Block-Cipher Mode of Operation for Parallelizable Message Authentication , 2002, EUROCRYPT.

[30]  Ratul Mahajan,et al.  User-level internet path diagnosis , 2003, SOSP '03.

[31]  J. Noel Chiappa,et al.  The Nimrod Routing Architecture , 1996, RFC.

[32]  Shivkumar Kalyanaraman,et al.  BANANAS: an evolutionary framework for explicit and multipath routing in the internet , 2003, FDNA '03.

[33]  Matthias Grossglauser,et al.  Trajectory sampling for direct traffic observation , 2000, SIGCOMM 2000.

[34]  Michael Burrows,et al.  Proceedings of Fast '03: 2nd Usenix Conference on File and Storage Technologies 2nd Usenix Conference on File and Storage Technologies Block-level Security for Network-attached Disks , 2022 .

[35]  David R. Cheriton,et al.  Feedback based routing , 2003, CCRV.

[36]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[37]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM 2002.

[38]  Akihiro Nakao,et al.  A routing underlay for overlay networks , 2003, SIGCOMM '03.