Bootstrapping accountability in the internet we have

Authors:
Ang Li;Xin Liu;Xiaowei Yang
Affiliations:
Dept. of Computer Science, Duke University;Dept. of Computer Science, Duke University;Dept. of Computer Science, Duke University
Venue:
Proceedings of the 8th USENIX conference on Networked systems design and implementation
Year:
2011

Citing 17
Cited 4

Hierarchical packet fair queueing algorithms

IEEE/ACM Transactions on Networking (TON)
SPV: secure path vector routing for securing BGP

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A DoS-limiting network architecture

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Modeling adoptability of secure BGP protocol

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Origin authentication in interdomain routing

Computer Networks: The International Journal of Computer and Telecommunications Networking
Designing extensible IP router software

NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Strong accountability for network storage

ACM Transactions on Storage (TOS)
PeerReview: practical accountability for distributed systems

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
AS-based accountability as a cost-effective DDoS defense

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Passport: secure and adoptable source authentication

NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
To filter or to authorize: network-layer DoS defense against multimillion-node botnets

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Accountable internet protocol (aip)

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Quantifying the operational status of the DNSSEC deployment

Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Encrypting the internet

Proceedings of the ACM SIGCOMM 2010 conference
NetFence: preventing internet denial of service from inside out

Proceedings of the ACM SIGCOMM 2010 conference
Secure Border Gateway Protocol (S-BGP)

IEEE Journal on Selected Areas in Communications
Free-riding and whitewashing in peer-to-peer systems

IEEE Journal on Selected Areas in Communications

The great IPv4 land grab: resource certification for the IPv4 grey market

Proceedings of the 10th ACM Workshop on Hot Topics in Networks
ASAP: a low-latency transport layer

Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
Verifying and enforcing network paths with icing

Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
Backscatter from the data plane - Threats to stability and security in information-centric network infrastructure

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Lack of accountability makes the Internet vulnerable to numerous attacks, including prefix hijacking, route forgery, source address spoofing, and DoS flooding attacks. This paper aims to bring accountability to the Internet with low-cost and deployable enhancements. We present IPA, a design that uses the readily available top-level DNSSEC infrastructure and BGP to bootstrap accountability. We show how IPA enables a suite of security modules that can combat various network-layer attacks. Our evaluation shows that IPA introduces modest overhead and is gradually deployable. We also discuss how the design incentivizes early adoption.