Monday, October 6, 2:00PM
Lieb 3rd floor Conference Room
Computer Science Department
Stevens Institute of Technology
Abstract
Attacks against Internet routing are increasing in number and
severity. Contributing greatly to these attacks is the absence of
origin authentication: there is no way to validate claims of address
ownership or location. The lack of such services not only enables
attacks by malicious entities, but also indirectly allows seemingly
inconsequential misconfigurations to disrupt large portions of the
Internet. This paper considers the semantics, design, and costs of
origin authentication in interdomain routing. We formalize the
semantics of address delegation and use on the Internet, and develop
and characterize broad classes of origin authentication proof systems.
We estimate the address delegation graph representing the current use
of IPv4 address space using available routing data. This effort
reveals that current address delegation is dense and relatively
static: as few as 16 entities perform 80% of the delegation on the
Internet. We conclude by evaluating the proposed services via
trace-based simulation. Our simulation shows the enhanced proof systems can
significantly reduce resource costs associated with origin
authentication.