Research Article | Open Access
Volume 2 | Issue 2 | Year 2011 | Article Id. IJCTT-V2I2P126 | DOI : https://doi.org/10.14445/22312803/IJCTT-V2I2P126
An Authenticated Policy-Compliant Routing
Tatarao Dagani
Citation:
Tatarao Dagani, "An Authenticated Policy-Compliant Routing," International Journal of Computer Trends and Technology (IJCTT), vol. 2, no. 2, pp. 616-621, 2011. Crossref, https://doi.org/10.14445/22312803/IJCTT-V2I2P126
Abstract
In today’s Internet, inter-domain route control remains elusive; nevertheless, such control could improve the performance, reliability, and utility of the network for end users and ISPs alike. While researchers have proposed a number of source routing techniques to combat this limitation, there has thus far been no way for independent ASes to ensure that such traffic does not circumvent local traffic policies, nor to accurately determine the correct party to charge for forwarding the traffic. We present Platypus, an authenticated source routing system built around the concept of network capabilities, which allow for accountable, fine-grained path selection by cryptographically attesting to policy compliance at each hop along a source route. Capabilities can be composed to construct routes through multiple ASes and can be delegated to third parties. Platypus caters to the needs of both end users and ISPs: users gain the ability to pool their resources and select routes other than the default, while ISPs maintain control over where, when, and whose packets traverse their networks. We describe the design and implementation of an extensive Platypus policy framework that can be used to address several issues in wide-area routing at both the edge and the core, and evaluate its performance and security. Our results show that incremental deployment of Platypus can achieve immediate gains.
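The abstract describes three properties of a network capability: each hop cryptographically checks that the packet complies with its local policy and learns whom to charge, capabilities from several ASes compose into one source route, and a holder can delegate a narrowed capability to a third party. The following Python block is an added illustration of those three properties written for this page; it is not Platypus code and says nothing about its actual wire format or key schedule. Every name, field layout and sample value is an assumption, and delegation is modelled with a cascaded HMAC (the delegate receives a key derived from the parent key and a restriction string), which is one generic way to narrow a key, chosen here for clarity.

```python
# Toy model of network capabilities for authenticated source routing.
# Constructed illustration; not Platypus code. All names and values are assumptions.
import hashlib
import hmac

TAG_LEN = 16          # truncated per-packet MAC length (assumed)
REPLAY_WINDOW = 30    # seconds of timestamp skew a hop tolerates (assumed)


def cap_key(as_secret: bytes, account: str, expiry: int) -> bytes:
    """Capability key for (account, expiry), derived from the AS secret.
    The AS keeps no per-customer table: it recomputes the key at forwarding time."""
    return hmac.new(as_secret, f"{account}|{expiry}".encode(), hashlib.sha256).digest()


def delegate(key: bytes, restriction: str) -> bytes:
    """Narrow a capability for a third party by cascading a MAC over a restriction
    string (e.g. "dst=10.1."). The delegate learns only the narrower key."""
    return hmac.new(key, restriction.encode(), hashlib.sha256).digest()


def bind(key: bytes, ts: int, payload: bytes) -> bytes:
    """Per-packet tag: truncated MAC over timestamp and payload under the
    (possibly delegated) capability key."""
    return hmac.new(key, ts.to_bytes(8, "big") + payload, hashlib.sha256).digest()[:TAG_LEN]


def make_hop(asn, account, expiry, restrictions, key, ts, payload) -> dict:
    """One source-route entry; the holder stamps it with the packet's tag."""
    return {"asn": asn, "account": account, "expiry": expiry,
            "restrictions": list(restrictions), "ts": ts,
            "tag": bind(key, ts, payload)}


class TransitAS:
    """A policy-enforcing hop. It verifies only its own entry of the source route."""

    def __init__(self, asn: int, secret: bytes):
        self.asn, self.secret = asn, secret

    def issue(self, account: str, expiry: int) -> bytes:
        """Hand a customer its capability key (out of band, e.g. over a TLS session)."""
        return cap_key(self.secret, account, expiry)

    def verify_hop(self, hop: dict, dst: str, payload: bytes, now: int):
        """Return (accepted, account_to_charge) or (rejected, reason)."""
        if hop["asn"] != self.asn:
            return False, "not for this AS"
        if now > hop["expiry"]:
            return False, "capability expired"
        if abs(now - hop["ts"]) > REPLAY_WINDOW:
            return False, "stale timestamp"
        key = cap_key(self.secret, hop["account"], hop["expiry"])
        for r in hop["restrictions"]:
            # Policy check: a destination restriction must match the packet ...
            if r.startswith("dst=") and not dst.startswith(r[len("dst="):]):
                return False, "policy violation: " + r
            # ... and every restriction folds into the key, so a delegate cannot
            # drop a restriction without invalidating the tag.
            key = delegate(key, r)
        if not hmac.compare_digest(hop["tag"], bind(key, hop["ts"], payload)):
            return False, "bad tag"
        return True, hop["account"]


def forward(ases: dict, route: list, dst: str, payload: bytes, now: int):
    """Walk the composed route; return the accounts charged, or the first rejection."""
    charged = []
    for hop in route:
        ok, info = ases[hop["asn"]].verify_hop(hop, dst, payload, now)
        if not ok:
            return False, f"AS{hop['asn']}: {info}"
        charged.append(info)
    return True, charged


# Constructed sample scenario: two transit ASes, Alice holds capabilities on both
# and delegates her AS B capability to Bob, restricted to destinations in 10.1.0.0/16.
NOW = 1_300_000_000
AS_A = TransitAS(64512, b"secret-of-AS-A")
AS_B = TransitAS(64513, b"secret-of-AS-B")
ASES = {AS_A.asn: AS_A, AS_B.asn: AS_B}
EXPIRY = NOW + 3600
KEY_A = AS_A.issue("alice", EXPIRY)
KEY_B = AS_B.issue("alice", EXPIRY)
KEY_B_BOB = delegate(KEY_B, "dst=10.1.")


def demo(dst: str, payload: bytes, tamper: bool = False):
    """Compose a two-AS route (Alice on A, Bob's delegated capability on B) and forward.
    With tamper=True the payload is altered after tagging, as an on-path modifier would."""
    route = [make_hop(AS_A.asn, "alice", EXPIRY, [], KEY_A, NOW, payload),
             make_hop(AS_B.asn, "alice", EXPIRY, ["dst=10.1."], KEY_B_BOB, NOW, payload)]
    return forward(ASES, route, dst, payload + (b"!" if tamper else b""), NOW)


if __name__ == "__main__":
    print(demo("10.1.2.3", b"hello"))               # accepted; Alice is charged at both hops
    print(demo("10.2.2.3", b"hello"))               # AS B rejects: outside Bob's delegation
    print(demo("10.1.2.3", b"hello", tamper=True))  # AS A rejects: tag no longer matches
```

Two design points the demo makes visible: the delegator, not the delegate, is the account charged at AS B, so the ISP knows whom to bill without trusting the third party; and because each restriction is folded into the key chain, the AS enforces the narrowed policy by recomputation alone and holds no per-flow state.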
Keywords
Authentication, capabilities, overlay networks, source routing.