This paper examines a new building block for next-generation networks: SNAPP, or Stateless Network-Authenticated Path Pinning. SNAPP-enabled routers securely embed their routing decisions in the packet headers of a stream of traffic, effectively pinning a flow's path between sender and receiver. A sender can use the pinned path (even if routes subsequently change) by including the path embedding in later packet headers. This architectural building block decouples routing from forwarding, which greatly enhances the availability of a path in the face of routing misconfigurations or malicious attacks. To demonstrate the extreme flexibility of SNAPP, we show how it can support a wide range of applications, including sender-controlled paths, expensive route lookups, sender anonymity, and sender accountability. Our analysis shows that SNAPP's overhead is low, and the system is easily implemented in hardware. We believe that SNAPP is a worthy addition to the network architect's toolbox, enabling a variety of new designs and trade-offs.