CIAG Research Projects

Route Validation Graphs for Interdomain Routing

Principal Investigators: Akyol, B., Wright, Andrew

Project Description: This project focused on presenting a new approach to validating origin and path information carried in the BGP-4 UPDATE messages that govern interdomain routing in the Internet. The goal was to provide effective defenses against both invalid origin and incorrect path injection attacks, while remaining scalable, incrementally deployable, and operationally simple. The approach centered on constructing a Reachability Validation Graph (RVG), against which origin and path information in route advertisements could be checked for validity. A paper was published proposing three alternative mechanisms for obtaining authenticated information with which to build the RVG.

Project Impact: A proposed mechanism for providing effective defenses against both invalid origin and incorrect path injection attacks, while remaining scalable, incrementally deployable, and operationally simple.

Project Details: Interdomain routing involves the exchange of origin and path information in route advertisements between the autonomous systems (ASes) that form the Internet. Border Gateway Protocol (BGP) version 4 is the primary routing protocol used to perform this task. However, there are currently no Internet standards, either as part of BGP or otherwise, for authenticating this reachability information.

This project explored and produced a new approach to validating the origin and path information carried in BGP UPDATE messages. Our goal was to provide effective defenses against both invalid origin and incorrect path injection attacks, while remaining scalable, incrementally deployable, and operationally simple. Our approach centered on constructing a Reachability Validation Graph (RVG), against which origin and path information can be checked for validity. An RVG need not be constructed on every BGP-speaking border router. Rather, an autonomous system may choose to compute RVGs on one or several Reachability Validation Servers (RVS) and periodically download the information to its border routers. We proposed three alternative mechanisms for obtaining authenticated information with which to build RVGs.

Project Deliverables: Route Validation Graphs for Interdomain Routing (PDF - 89 KB)

Status: Completed