Results 11 - 20
of
270
An Architecture for Content Routing Support in the Internet
, 2001
"... The primary use of the Internet is content distribution --- the delivery of web pages, audio, and video to client applications --- yet the Internet was never architected for scalable content delivery. The result has been a proliferation of proprietary protocols and ad hoc mechanisms to meet growing ..."
Abstract
-
Cited by 96 (1 self)
- Add to MetaCart
(Show Context)
The primary use of the Internet is content distribution --- the delivery of web pages, audio, and video to client applications --- yet the Internet was never architected for scalable content delivery. The result has been a proliferation of proprietary protocols and ad hoc mechanisms to meet growing content demand. In this paper, we describe a content routing design based on name-based routing as part of an explicit Internet content layer. We claim that this content routing is a natural extension of current Internet directory and routing systems, allows efficient content location, and can be implemented to scale with the Internet.
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
"... Users and network administrators need ways to filter email messages based primarily on the reputation of the sender. Unfortunately, conventional mechanisms for sender reputation—notably, IP blacklists—are cumbersome to maintain and evadable. This paper investigates ways to infer the reputation of an ..."
Abstract
-
Cited by 87 (5 self)
- Add to MetaCart
(Show Context)
Users and network administrators need ways to filter email messages based primarily on the reputation of the sender. Unfortunately, conventional mechanisms for sender reputation—notably, IP blacklists—are cumbersome to maintain and evadable. This paper investigates ways to infer the reputation of an email sender based solely on network-level features, without looking at the contents of a message. First, we study first-order properties of network-levelfeaturesthatmayhelpdistinguish spammersfromlegitimatesenders. Weexaminefeatures thatcanbeascertainedwithouteverlookingatapacket’s contents, such as the distance in IP space to other email senders or the geographic distance between sender and receiver. We derive features that are lightweight, since they do not require seeing a large amount of email from a single IP address and can be gleaned without looking at an email’s contents—many such features are apparent from even a single packet. Second, we incorporate these features into a classification algorithm and evaluate the classifier’s ability to automatically classify email senders as spammers or legitimate senders. We build an automatedreputationengine, SNARE, based on these features using labeled data from a deployedcommercial spam-filtering system. We demonstrate that SNARE can achieve comparable accuracyto existing static IP blacklists: abouta70%detectionrateforlessthana0.3%false positive rate. Third, we show how SNARE can be integrated into existing blacklists, essentially as a first-pass filter.
PHAS: A Prefix Hijack Alert System
- SECURITY '06
, 2006
"... In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real- ..."
Abstract
-
Cited by 87 (11 self)
- Add to MetaCart
In a BGP prefix hijacking event, a router originates a route to a prefix, but does not provide data delivery to the actual prefix. Prefix hijacking events have been widely reported and are a serious problem in the Internet. This paper presents a new Prefix Hijack Alert System (PHAS). PHAS is a real-time notification system that alerts prefix owners when their BGP origin changes. By providing reliable and timely notification of origin AS changes, PHAS allows prefix owners to quickly and easily detect prefix hijacking events and take prompt action to address the problem. We illustrate the effectiveness of PHAS and evaluate its overhead using BGP logs collected from RouteViews. PHAS is light-weight, easy to implement, and readily deployable. In addition to protecting against false BGP origins, the PHAS concept can be extended to detect prefix hijacking events that involve announcing more specific prefixes or modifying the last hop in the path.
Origin Authentication in Interdomain Routing
, 2003
"... Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication: there is no way to validate claims of address ownership or location. The lack of such services enables not only attacks by malicious entities, but in ..."
Abstract
-
Cited by 70 (12 self)
- Add to MetaCart
Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication: there is no way to validate claims of address ownership or location. The lack of such services enables not only attacks by malicious entities, but indirectly allow seemingly inconsequential miconfigurations to disrupt large portions of the Internet. This paper considers the semantics, design, and costs of origin authentication in interdomain routing. We formalize the semantics of address delegation and use on the Internet, and develop and characterize broad classes of origin authentication proof systems. We estimate the address delegation graph representing the current use of IPv4 address space using available routing data. This effort reveals that current address delegation is dense and relatively static: as few as 16 entities perform 80% of the delegation on the Internet. We conclude by evaluating the proposed services via traced based simulation. Our simulation shows the enhanced proof systems can significantly reduce resource costs associated with origin authentication.
Beware of BGP Attacks
, 2004
"... This note attempts to raise awareness within the network research community about the security of the interdomain routing infrastructure. We identify several attack objectives and mechanisms, assuming that one or more BGP routers have been compromised. Then, we review the existing and proposed count ..."
Abstract
-
Cited by 70 (0 self)
- Add to MetaCart
(Show Context)
This note attempts to raise awareness within the network research community about the security of the interdomain routing infrastructure. We identify several attack objectives and mechanisms, assuming that one or more BGP routers have been compromised. Then, we review the existing and proposed countermeasures, showing that they are either generally ineffective (route filtering), or probably too heavyweight to deploy (S-BGP). We also review several recent proposals, and conclude by arguing that a significant research effort is urgently needed in the area of routing security.
A Survey of BGP Security Issues and Solutions
- AT&T Labs - Research, Florham Park, NJ
, 2004
"... The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failu ..."
Abstract
-
Cited by 69 (6 self)
- Add to MetaCart
(Show Context)
The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol of the Internet. Although the performance of BGP has been historically acceptable, there are continuing concerns about its ability to meet the needs of the rapidly evolving Internet. A major limitation of BGP is its failure to adequately address security. Recent outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design and ubiquity of BGP has frustrated past efforts at securing interdomain routing. This paper considers the vulnerabilities currently existing within interdomain routing and surveys works relating to BGP security. The limitations and advantages of proposed solutions are explored, and the systemic and operational implications of their designs considered. We note that no current solution has yet found an adequate balance between comprehensive security and deployment cost. This work calls not only for the application of ideas described within this paper, but also for further investigation into the problems and solutions of BGP security.
BGP-RCN: improving BGP convergence through root cause notification
, 2003
"... This paper presents a new mechanism, called BGP with Root Cause Notification (BGP-RCN), that provides ..."
Abstract
-
Cited by 64 (7 self)
- Add to MetaCart
This paper presents a new mechanism, called BGP with Root Cause Notification (BGP-RCN), that provides
A Light-Weight DIstributed Scheme for Detecting IP Prefix Hijacks in Real-Time
, 2007
"... As more and more Internet IP prefix hijacking incidents are being reported, the value of hijacking detection services has become evident. Most of the current hijacking detection approaches monitor IP prefixes on the control plane and detect inconsistencies in route advertisements and route qualities ..."
Abstract
-
Cited by 57 (3 self)
- Add to MetaCart
As more and more Internet IP prefix hijacking incidents are being reported, the value of hijacking detection services has become evident. Most of the current hijacking detection approaches monitor IP prefixes on the control plane and detect inconsistencies in route advertisements and route qualities. We propose a different approach that utilizes information collected mostly from the data plane. Our method is motivated by two key observations: when a prefix is not hijacked, 1) the hop count of the path from a source to this prefix is generally stable; and 2) the path from a source to this prefix is almost always a super-path of the path from the same source to a reference point along the previous path, as long as the reference point is topologically close to the prefix. By carefully selecting multiple vantage points and monitoring from these vantage points for any departure from these two observations, our method is able to detect prefix hijacking with high accuracy in a light-weight, distributed, and real-time fashion. Through simulations constructed based on real Internet measurement traces, we demonstrate that our scheme is accurate with both false positive and false negative ratios below 0:5%.
Don’t Secure Routing Protocols, Secure Data Delivery
- In Proc. 5th ACM Workshop on Hot Topics in Networks (Hotnets-V
, 2006
"... Internet routing and forwarding are vulnerable to attacks and misconfigurations that compromise secure communications ..."
Abstract
-
Cited by 55 (12 self)
- Add to MetaCart
(Show Context)
Internet routing and forwarding are vulnerable to attacks and misconfigurations that compromise secure communications
Append-only signatures
- in International Colloquium on Automata, Languages and Programming
, 2005
"... Abstract. The strongest standard security notion for digital signature schemes is unforgeability under chosen message attacks. In practice, however, this notion can be insufficient due to “side-channel attacks ” which exploit leakage of information about the secret internal state. In this work we pu ..."
Abstract
-
Cited by 53 (10 self)
- Add to MetaCart
Abstract. The strongest standard security notion for digital signature schemes is unforgeability under chosen message attacks. In practice, however, this notion can be insufficient due to “side-channel attacks ” which exploit leakage of information about the secret internal state. In this work we put forward the notion of “leakage-resilient signatures, ” which strengthens the standard security notion by giving the adversary the additional power to learn a bounded amount of arbitrary information about the secret state that was accessed during every signature generation. This notion naturally implies security against all side-channel attacks as long as the amount of information leaked on each invocation is bounded and “only computation leaks information.” The main result of this paper is a construction which gives a (tree-based, stateful) leakage-resilient signature scheme based on any 3-time signature scheme. The amount of information that our scheme can safely leak per signature generation is 1/3 of the information the underlying 3-time signature scheme can leak in total. Signature schemes that remain secure even if a bounded total amount of information is leaked were recently constructed, hence instantiating our construction with these schemes gives the first constructions of provably secure leakage-resilient signature schemes. The above construction assumes that the signing algorithm can sample truly random bits, and thus an implementation would need some special hardware (randomness gates). Simply generating this randomness using a leakage-resilient stream-cipher will in general not work. Our second contribution is a sound general principle to replace uniform random bits in any leakage-resilient construction with pseudorandom ones: run two leakage-resilient stream-ciphers (with independent keys) in parallel and then apply a two-source extractor to their outputs. 1
