Autonomous security for autonomous systems

Josh Karlin, Stephanie Forrest, Jennifer Rexford

Research output: Contribution to journalArticlepeer-review

45 Scopus citations

Abstract

The Internet's interdomain routing protocol, BGP, supports a complex network of Autonomous Systems which is vulnerable to a number of potentially crippling attacks. Several promising cryptography-based solutions have been proposed, but their adoption has been hindered by the need for community consensus, cooperation in a public key infrastructure (PKI), and a common security protocol. Rather than force centralized control in a distributed network, this paper examines distributed security methods that are amenable to incremental deployment. Typically, such methods are less comprehensive and not provably secure. The paper describes a distributed anomaly detection and response system that provides comparable security to cryptographic methods and has a more plausible adoption path. Specifically, the paper makes the following contributions: (1) it describes pretty good BGP (PGBGP), whose security is comparable (but not identical) to secure origin BGP; (2) it gives theoretical proofs on the effectiveness of PGBGP; (3) it reports simulation experiments on a snapshot of the Internet topology annotated with the business relationships between neighboring networks; (4) it quantifies the impact that known exploits could have on the Internet; and (5) it determines the minimum number of ASes that would have to adopt a distributed security solution to provide global protection against these exploits. Taken together these results explore the boundary between what can be achieved with provably secure centralized security mechanisms for BGP and more distributed approaches that respect the autonomous nature of the Internet.

Original languageEnglish (US)
Pages (from-to)2908-2923
Number of pages16
JournalComputer Networks
Volume52
Issue number15
DOIs
StatePublished - Oct 23 2008
Externally publishedYes

Keywords

  • Anomaly
  • BGP
  • Interdomain
  • Security

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Autonomous security for autonomous systems'. Together they form a unique fingerprint.

Cite this