On power-law relationships of the Internet topology
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
An analysis of BGP multiple origin AS (MOAS) conflicts
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
BGP4: Inter-Domain Routing in the Internet
BGP4: Inter-Domain Routing in the Internet
Understanding BGP misconfiguration
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
BGP routing stability of popular destinations
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Fast Digital Identity Revocation (Extended Abstract)
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On Certificate Revocation and Validation
FC '98 Proceedings of the Second International Conference on Financial Cryptography
The impact of address allocation and routing on the structure and implementation of routing tables
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
An efficient message authentication scheme for link state routing
ACSAC '97 Proceedings of the 13th Annual Computer Security Applications Conference
Random Evolution in Massive Graphs
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Efficient Certificate Revocation
Efficient Certificate Revocation
ACM SIGCOMM Computer Communication Review
The impact of BGP dynamics on intra-domain traffic
Proceedings of the joint international conference on Measurement and modeling of computer systems
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Listen and whisper: security mechanisms for BGP
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Detecting BGP configuration faults with static analysis
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Certificate revocation and certificate update
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
How secure are secure interdomain routing protocols
Proceedings of the ACM SIGCOMM 2010 conference
Bootstrapping accountability in the internet we have
Proceedings of the 8th USENIX conference on Networked systems design and implementation
BGP security in partial deployment: is the juice worth the squeeze?
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
| Hi-index | 0.00 |
Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication; there is no way to validate claims of address ownership or location. The lack of such services not only enables attacks by malicious entities, but also indirectly allows seemingly inconsequential misconfigurations to disrupt large portions of the Internet. This paper considers the semantics, design, and costs of origin authentication in interdomain routing. We formalize the semantics of address delegation and use on the Internet, and develop and characterize original, broad classes of origin authentication proof systems. We estimate the address delegation graph representing the current use of IPv4 address space using available routing data. This effort reveals that current address delegation is dense and relatively static: as few as 16 entities perform 80% of the delegation on the Internet. We conclude by evaluating the proposed services via trace-based simulation, which demonstrates that the enhanced proof systems can significantly reduce resource costs associated with origin authentication.