Edge networks connected to the Internet need effective monitoring techniques to drive routing decisions and detect violations of Service Level Agreements (SLAs). However, existing measurement tools, like ping, traceroute, and trajectory sampling, are vulnerable to attacks that can make a path look better than it really is. In this paper, we design and analyze path-quality monitoring protocols that reliably raise an alarm when the packet-loss rate and delay exceed a threshold, even when an adversary tries to bias monitoring results by selectively delaying, dropping, modifying, injecting, or preferentially treating packets. Despite the strong threat model we consider in this paper, our protocols are efficient enough to run at line rate on high-speed routers. We present a secure sketching protocol for identifying when packet loss and delay degrade beyond a threshold. This protocol is extremely lightweight, requiring only 250-600 bytes of storage and periodic transmission of a comparably sized IP packet to monitor billions of packets. We also present secure sampling protocols that provide faster feedback and accurate round-trip delay estimates, at the expense of somewhat higher storage and communication costs. We prove that all our protocols satisfy a precise definition of secure path-quality monitoring and derive analytic expressions for the trade-off between statistical accuracy and system overhead. We also compare how our protocols perform in the client-server setting, when paths are asymmetric, and when packet marking is not permitted.