Systems Seminar - CSE

Origin Authentication in Interdomain Routing

Patrick McDaniel

Attacks against Internet routing are increasing in number and severity.
A central limitation of the current network infrastructure is the
absence of meaningful origin authentication: there is no way to
validate if an entity using an address has the right to do so. This
vulnerability is not only a conduit for malicious behavior, but
indirectly allows seemingly inconsequential misconfigurations to
disrupt large portions of the Internet. This talk discusses the
semantics, design, and costs of origin authentication in interdomain
routing. A formalization of address usage and delegation is presented
and broad classes of cryptographic proof systems appropriate for origin
authentication are considered.

The costs of origin authentication are largely determined by the form
and stability of the served address space. However, prior to this work,
little was known about the relevant characteristics of address use on
the Internet. Developed from collected interdomain routing data and
presented in this talk, our approximate delegation hierarchy shows that
current IP address delegation is dense and relatively static. One
notable result shows that as few as 16 entities are the source of 80%
of the delegation on the Internet. We further show via simulation that
these features can be exploited to efficiently implement Internet-scale
origin authentication. The talk is concluded with a an overview of
several ongoing efforts in routing security.

Patrick McDaniel is the Hartz Family Career Development Professor in
the Computer Science and Engineering Department at the Pennsylvania
State University. Prior to joining Penn State in Fall of 2004, Patrick
was a senior technical staff Member of the Secure Systems Group at AT&T
Labs-Research and Adjunct Professor of the Stern School of Business at
New York University. Patrick's recent research efforts have focused on
security management in distributed systems, network security, and
public policy and technical issues in digital media. Patrick is a past
recipient of the NASA Kennedy Space Center fellowship, a frequent
contributor to the IETF security standards, and has authored many
papers and book chapters in various areas of systems security.

Sponsored by

Atul Prakash