1 / 1

Accountable Internet Protocol

Receive nonce resp. Accountable Internet Protocol. N. Accept & forward. Y. In accept cache?. N. Add A (or E): iface to accept cache. Trust nbhr AD?. Verify signature. Local AD?. Y. Receive pkt w/ src A:E. Y. N. Drop pkt Send nonce to A or E.

brandon-hopper
Download Presentation

Accountable Internet Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Receive nonce resp Accountable Internet Protocol N Accept &forward Y In accept cache? N Add A (or E):ifaceto accept cache Trust nbhrAD? Verify signature Local AD? Y Receive pktw/ srcA:E Y N Drop pktSend nonce to A or E Nonce response must be signed w/ A’s (or E’s) priv key David Andersen (CMU), Hari Balakrishnan (MIT),Nick Feamster (Georgia Tech), Scott Shenker (UC Berkeley) • SummaryIntrinsic support for network-layer accountability in the InternetMain idea: New addressing scheme for networks and hosts • AD and EID: self-certifying flat names • AD = hash(public_key_of_AD, other_stuff) • Self-certification binds name to named entity Address = AD:EID AD2 AD3 AD1 Two Types of Accountability Each host has a global EID • Control-plane accountability improves security of the routing protocol • Source accountability detects spoofing and forgery Autonomous domains,each with unique ID(smaller than an AS) If multihomed, has multiple addressesAD1:EID,AD2:EID,AD3:EID Control-Plane Accountability Data-Plane Accountability • Origin authentication: Ensure routing prefix being originated by AS X actually belongs to X • Path authentication: Ensure accuracy of AS path • S-BGP (and soBGP) require external infrastructuresRouting registry recording prefix ownership PKI (database) mapping AS to its public key. In practice, registries notoriously inaccurate • AIP: ADs exchange pub keys via BGP messagesPath auth identical to S-BGP (but no PKI). Origin authentication achieved without registry Application: Shut-Off • Problem:Compromised host X sending unwanted traffic to D • (X is “well-intentioned”, owner benign [Shaw]) D X Challenges • Minting of EIDs and ADs • Key management and compromise • Routing scalability • Traffic engineering Shut-off packet signed by D to X:{time, D’s pub key, hash of recent pkt recd from X by D, TTL} • Can send shut-offs to hosts or to ADs • Shut-off scheme implemented in NIC firmware • Immutable by host software (updates require physical access via USB/serial port)

More Related