Securing User-controlled Routing Infrastructures

Karthik Kalambur Lakshminarayanan, Daniel Giannico Adkins, Adrian Perrig and Ion Stoica

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2007-37
March 22, 2007

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-37.pdf

Designing infrastructures that give untrusted third parties (such as end-hosts) control over routing is a promising research direction for achieving flexible and efficient communication. However, serious concerns remain over the deployment of such infrastructures, not least the new security vulnerabilities they introduce. The flexible control plane of these infrastructures can be exploited to launch many types of powerful attacks with little effort. In this report, we make several contributions towards studying security issues in forwarding infrastructures. We present a general model for a forwarding infrastructure, analyze potential security vulnerabilities, and present techniques to address these vulnerabilities. The main technique that we introduce in this report is the use of simple, lightweight cryptographic constraints on forwarding entries. We show that it is possible to prevent a large class of attacks on end-hosts and to bound the flooding attacks that can be launched on the infrastructure nodes to a small constant value. Our mechanisms are general and apply to a variety of earlier proposals such as i3, DataRouter and Network Pointers.


BibTeX citation:

@techreport{Lakshminarayanan:EECS-2007-37,
    Author = {Lakshminarayanan, Karthik Kalambur and Adkins, Daniel Giannico and Perrig, Adrian and Stoica, Ion},
    Title = {Securing User-controlled Routing Infrastructures},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2007},
    Month = {Mar},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-37.html},
    Number = {UCB/EECS-2007-37},
    Abstract = {Designing infrastructures that give untrusted third-parties (such as end-hosts) control over routing is a promising research direction for achieving flexible and efficient communication. However, serious concerns remain over the deployment of such infrastructures, none less than the new security vulnerabilities they introduce. The flexible control plane of these infrastructures can be exploited to launch many types of powerful attacks with little effort.  In this report, we make several contributions towards studying security issues in forwarding infrastructures.  We present a general model for a forwarding infrastructure, analyze potential security vulnerabilities, and present techniques to address these vulnerabilities.  The main technique that we introduce in this paper is the use of simple, light-weight, cryptographic constraints on forwarding entries.  We show that it is possible to prevent a large class of attacks on end-hosts, and bound the flooding attacks that can be launched on the infrastructure nodes to a small constant value.  Our mechanisms are general and apply to a variety of earlier proposals such as i3, DataRouter and Network Pointers.}
}

EndNote citation:

%0 Report
%A Lakshminarayanan, Karthik Kalambur
%A Adkins, Daniel Giannico
%A Perrig, Adrian
%A Stoica, Ion
%T Securing User-controlled Routing Infrastructures
%I EECS Department, University of California, Berkeley
%D 2007
%8 March 22
%@ UCB/EECS-2007-37
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-37.html
%F Lakshminarayanan:EECS-2007-37