Josh Karlin, University of New Mexico and Stephanie Forrest, University of New Mexico and Jennifer Rexford, Princeton University
The Internet's interdomain routing protocol, BGP, is vulnerable
to a number of potentially crippling attacks. Many promising
cryptography-based solutions have been proposed, but none have been
embraced by the necessary communities to garner significant adoption.
This is largely due to the difficulty of developing and maintaining
the necessary PKI infrastructure and changes to the BGP protocol that
the proposed solutions require. Alternative solutions such as anomaly
detectors have been unable to provide the same level of security as
the cryptographic mechanisms.
In this presentation we describe an anomaly
detector and response mechanism capable of automatically stopping the
propagation of invalid path attacks, a difficult class of attacks to
detect. Our solution provides comparable security to the
cryptographic methods and could be readily deployed with a simple
software upgrade in participating networks.
Bio:
Josh Karlin is a graduate student in the Adaptive Computation Laboratory at the University of New Mexico under
the guidance of Stephanie Forrest. His research interests are in network protocol security.
Presentation PDF
Real Video Presentation
