Accountable internet protocol (aip)

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Accountable internet protocol (aip)

Full text

Pdf (643 KB)

Source

Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the ACM SIGCOMM 2008 conference on Data communication table of contents

Seattle, WA, USA

SESSION: Security II table of contents

Pages 339-350

Year of Publication: 2008

ISBN:978-1-60558-175-0

Also published in ...

Authors

David G. Andersen	CMU, Pittsburgh, PA, USA
Hari Balakrishnan	MIT, Cambridge, MA, USA
Nick Feamster	Georgia Institute of Technology, Atlanta, GA, USA
Teemu Koponen	ICSI and HIIT, Berkeley, CA, USA
Daekyeong Moon	UC Berkeley, Berkeley, CA, USA
Scott Shenker	UC Berkeley, Berkeley, CA, USA

Sponsors

ACM: Association for Computing Machinery
SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 27, Downloads (12 Months): 334, Citation Count: 5

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1402958.1402997 What is a DOI?

ABSTRACT

This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the corresponding entity. We discuss how AIP enables simple solutions to source spoofing, denial-of-service, route hijacking, and route forgery. We also discuss how AIP's design meets the challenges of scaling, key management, and traffic engineering.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	ITRS international technology roadmap for semiconductors, 2006.
	2	Kent Andersen , Quentin Louveaux , Robert Weismantel , Laurence A. Wolsey, Inequalities from Two Rows of a Simplex Tableau, Proceedings of the 12th international conference on Integer Programming and Combinatorial Optimization, June 25-27, 2007, Ithaca, NY, USA [doi>10.1007/978-3-540-72792-7_1]
	3	APNIC. The APNIC Resource Certification Page. http://mirin.apnic.net/resourcecerts/.
	4	Katerina Argyraki , David R. Cheriton, Active internet traffic filtering: real-time response to denial-of-service attacks, Proceedings of the annual conference on USENIX Annual Technical Conference, p.10-10, April 10-15, 2005, Anaheim, CA
	5	T. Aura. Cryptographically Generated Addresses (CGA). Internet Engineering Task Force, Mar. 2005. RFC 3972.
	6	Robert Beverly , Steven Bauer, The spoofer project: inferring the extent of source address filtering on the internet, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, p.8-8, July 07, 2005, Cambridge, MA
	7	CNET News.com. Router Glitch Cuts Net Access. http://news.com.com/2100-1033-279235.html, Apr. 1997.
	8	Z. Duan, X. Yuan, and J. Chandrashekar. Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates. In Proc. IEEE INFOCOM, Mar. 2006.
	9	D. Farinacci, V. Fuller, D. Oran, and D. Meyer. Locator/ID Separation Protocol (LISP). Internet Engineering Task Force, Apr. 2008. Internet Draft (http://tools.ietf.org/html/draft-farinacci-lisp-07). Work in progress, expires October 2008.
	10	P. Ferguson , D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, RFC Editor, 1998
	11	P. Ferguson and D. Senie. Network Ingress Filtering. Internet Engineering Task Force, May 2000. BCP 38, RFC 2827.
	12	V. Fuller. Scaling issues with routing+multihoming, Feb. 2007. Plenary session at APRICOT, the Asia Pacific Regional Internet Conference on Operational Technologies.
	13	G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin. Working around BGP: An incremental approach to improving security and accuracy in interdomain routing. In Proc. NDSS, Feb. 2003.
	14	G. Huston, G. Michaelson, and R. Loomans. A Profile for Resource Certificate Repository Structure. Internet Engineering Task Force, June 2006. http://mirin.apnic.net/resourcecerts/project-notes/draft-ietf-sidr-repos-struct-00.html.
	16	J. Karlin, S. Forrest, and J. Rexford. Pretty Good BGP: Protecting BGP by cautiously selecting routes. Technical report, University of New Mexico, Oct. 2005. TR-CS-2005-37.
	17	F. Kastenholz. ISLAY: A New Routing and Addressing Architecture. Internet Engineering Task Force, May 2002. http://ietfreport.isoc.org/idref/draft-irtf-routing-islay/.
	18	S. Kent , R. Atkinson, Security Architecture for the Internet Protocol, RFC Editor, 1998
	19	S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (S-BGP). IEEE JSAC, 18 (4): 582--592, Apr. 2000.
	20	T. Killalea, Recommended Internet Service Provider Security Services and Procedures, RFC Editor, 2000
	21	Dmitri Krioukov , k c claffy , Kevin Fall , Arthur Brady, On compact routing for the internet, ACM SIGCOMM Computer Communication Review, v.37 n.3, July 2007 [doi>10.1145/1273445.1273450]
	22	Mohit Lad , Dan Massey , Dan Pei , Yiguo Wu , Beichuan Zhang , Lixia Zhang, PHAS: a prefix hijack alert system, Proceedings of the 15th conference on USENIX Security Symposium, July 31-August 04, 2006, Vancouver, B.C., Canada
	23	Jure Leskovec , Jon Kleinberg , Christos Faloutsos, Graphs over time: densification laws, shrinking diameters and possible explanations, Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining, August 21-24, 2005, Chicago, Illinois, USA [doi>10.1145/1081870.1081893]
	24	J. Li, R. Bush, Z. M. Mao, T. Griffin, M. Roughan, D. Stutzbach, and E. Purpus. Watching data streams toward a multi-homed sink under routing changes introduced by a BGP beacon. In Passive & Active Measurement (PAM), Mar. 2006.
	25	Xin Liu , Ang Li , Xiaowei Yang , David Wetherall, Passport: secure and adoptable source authentication, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.365-378, April 16-18, 2008, San Francisco, California
	26	David Mazières , Michael Kaminsky , M. Frans Kaashoek , Emmett Witchel, Separating key management from file system security, Proceedings of the seventeenth ACM symposium on Operating systems principles, p.124-139, December 12-15, 1999, Charleston, South Carolina, United States
	27	D. McCullagh. How Pakistan knocked YouTube offline. http://news.cnet.com/8301-10784_3-9878655-7.html, Feb. 2008.
	28	D. Meyer, L. Zhang, and K. Fall. Report from the IAB Workshop on Routing and Addressing. Internet Engineering Task Force, Sept. 2007. RFC 4984.
	29	R. Moskowitz and P. Nikander. Host Identity Protocol (HIP) Architecture. Internet Engineering Task Force, May 2006. RFC 4423.
	30	M. Ohta. 8+8 Addressing for IPv6 End to End Multihoming, Jan. 2004. draft-ohta-multi6-8plus8-00 (Expired IETF Draft).
	31	Kihong Park , Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.15-26, August 2001, San Diego, California, United States
	32	Anirudh Ramachandran , Nick Feamster, Understanding the network-level behavior of spammers, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	33	Anirudh Ramachandran , Nick Feamster, Understanding the network-level behavior of spammers, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	34	Renesys. Renesys Routing Intelligence. http://www.renesys.com/products_services/routing_intelligence.shtml.
	35	Marianne Shaw, Leveraging good intentions to reduce unwanted network traffic, Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, p.9-9, July 07, 2006, San Jose, CA
	36	G. Siganos and M. Faloutsos. Analyzing BGP Policies: Methodology and Tool. In Proc. IEEE INFOCOM, Mar. 2004.
	37	T. L. Simon. oof. panix sidelined by incompetence... again. http://merit.edu/mail.archives/nanog/2006-01/msg00483.html, Jan. 2006.
	38	Alex C. Snoeren , Hari Balakrishnan, An end-to-end approach to host mobility, Proceedings of the 6th annual international conference on Mobile computing and networking, p.155-166, August 06-11, 2000, Boston, Massachusetts, United States [doi>10.1145/345910.345938]
	39	Spammer, Inside the spam cartel, Syngress Publishing, 2004
	40	G. Varghese. Network Algorithmics. Morgan Kaufmann, 2007.
	41	P. Verkaik, A. Broido, kc claffy, R. Gao, Y. Hyun, and R. van der Pol. Beyond CIDR aggregation. Technical Report TR-2004-01, CAIDA, Feb. 2004.
	42	Q. Vohra and E. Chen. BGP Support for Four-octet AS Number Space. Internet Engineering Task Force, May 2007. RFC 4893.
	43	Michael Walfish , Jeremy Stribling , Maxwell Krohn , Hari Balakrishnan , Robert Morris , Scott Shenker, Middleboxes no longer considered harmful, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.15-15, December 06-08, 2004, San Francisco, CA
	44	R. White. Securing BGP through secure origin BGP. The Internet Protocol Journal, 6 (3), Sept. 2003. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-3/ipj_6-3.pdf.
	45	Q. Wu, Y. Liao, T. Wolf, and L. Gao. Benchmarking BGP routers. In Proc. IEEE International Symposium on Workload Characterization (IISWC), Sept. 2007.
	46	Xinyang Zhang , Paul Francis , Jia Wang , Kaoru Yoshida, Scaling IP Routing with the Core Router-Integrated Overlay, Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols, p.147-156, November 12-15, 2006 [doi>10.1109/ICNP.2006.320208]

CITED BY 5

	Christian Esteve , Fábio L. Verdi , Maurício F. Magalhães, Towards a new generation of information-oriented internetworking architectures, Proceedings of the 2008 ACM CoNEXT Conference, p.1-6, December 09-12, 2008, Madrid, Spain
	Andreas Haeberlen , Ioannis Avramopoulos , Jennifer Rexford , Peter Druschel, NetReview: detecting when interdomain routing goes wrong, Proceedings of the 6th USENIX symposium on Networked systems design and implementation, p.437-452, April 22-24, 2009, Boston, Massachusetts
	Pascale Vicat-Blanc Primet , Jean-Patrick Gelas , Olivier Mornard , Guilherme Koslovski , Vincent Roca , Lionel Giraud , Johan Montagnat , Tram Truong Huu, A Scalable Security Model for Enabling Dynamic Virtual Private Execution Infrastructures on the Internet, Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid, p.348-355, May 18-21, 2009
	Lorenzo De Carli , Yi Pan , Amit Kumar , Cristian Estan , Karthikeyan Sankaralingam, PLUG: flexible lookup modules for rapid deployment of new protocols in high-speed routers, ACM SIGCOMM Computer Communication Review, v.39 n.4, October 2009
	Yinglian Xie , Fang Yu , Martin Abadi, De-anonymizing the internet using unreliable IDs, ACM SIGCOMM Computer Communication Review, v.39 n.4, October 2009