Designing infrastructures that give untrusted third parties (such as end-hosts) control over routing is a promising research direction for achieving flexible and efficient communication. However, serious concerns remain over the deployment of such infrastructures, particularly the new security vulnerabilities they introduce. The flexible control plane of these infrastructures can be exploited to launch many types of powerful attacks with little effort. In this paper, we make several contributions towards studying security issues in forwarding infrastructures (FIs). We present a general model for an FI, analyze potential security vulnerabilities, and present techniques to address these vulnerabilities. The main technique that we introduce in this paper is the use of simple lightweight cryptographic constraints on forwarding entries. We show that it is possible to prevent a large class of attacks on end-hosts and bound the flooding attacks that can be launched on the infrastructure nodes to a small constant value. Our mechanisms are general and apply to a variety of earlier proposals such as i3, DataRouter, and Network Pointers.