Incrementally-Deployable Security for Interdomain Routing

Author

Rexford, Jennifer ; Feigenbaum, Joan

Author_Institution

Princeton Univ., Princeton, NJ

fYear

2009

fDate

3-4 March 2009

Firstpage

130

Lastpage

134

Abstract

The Internetpsilas interdomain-routing system is extremely vulnerable to accidental failure, configuration errors, and malicious attack. Any successful approach to improving interdomain-routing security must satisfy two requirements for incremental deployability: backwards compatibility with the existing routing protocol and installed base of routers and incentive compatibility with the desire of each domain to improve its part of the routing system even if other domains have not taken similar steps. We propose an incrementally deployable approach based on a routing control platform (RCP) that makes routing decisions on behalf of the routers in a domain, without requiring changes to the routers or protocols. The RCP runs anomaly-detection algorithms that identify, and avoid, suspicious routes, allowing a domain (or a small group of cooperating domains) to significantly improve interdomain routing security.

Keywords

Internet; routing protocols; security of data; Internet´s; accidental failure; anomaly-detection algorithms; backwards compatibility; configuration errors; incentive compatibility; incremental deploy; incrementally-deployable security; interdomain routing; malicious attack; routing control platform; routing protocol; Computer security; IEEE news; IP networks; Information security; Internet; National security; Routing protocols; Telecommunication traffic; Terrorism; YouTube; Critical Infrastructure Protection; Security and Trustworthiness; Security of Operational Systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology

Conference_Location

Washington, DC

Print_ISBN

978-0-7695-3568-5

Type

conf

DOI

10.1109/CATCH.2009.35

Filename

4804435