Internet Protocol Made Accountable
Authors
Abstract
The Internet design is vulnerable to numerous attacks, including source address spoofing, denial of service flooding, prefix hijacking, and route forgery attacks. Despite much research, this situation does not seem to improve: prefix hijacking or denial of service attacks continue to make headline news [10, 25]. This disheartening fact has prompted researchers to propose a radically different Internet architecture, AIP [4], that replaces the aggregatable IP addresses with flat self-certifying addresses. Although promising, the AIP design is not without challenges. Chief among them is deployability. AIP requires an overhaul of the Internet Protocol (IP). All hosts and networks must be re-numbered. Applications must be revised to use AIP addresses. Hosts also need special “smartNIC” hardware to block DoS flooding traffic [4]. Every routing protocol, both intra-domain and inter-domain, must be revised to propagate AIP addresses, and routers must be upgraded to forward packets with AIP addresses. DNS must be extended to include AIP records, and so on. Moreover, AIP’s flat addresses prohibit CIDR-style address aggregation, which is a best current practice for scalable routing [15]. In this paper, we ask the question: can we design an Internet architecture that is as accountable as AIP but without its deployment and scalability tradeoffs? To this end, we explore a design that builds accountability into the Internet while retaining the IP addressing structure. We refer to this design as IPa+ (standing for accountability enhanced Internet Protocol). The IPa+ design uses the chain of trust embedded in the Internet address allocation process to bind an address prefix to an authorized Autonomous System’s (AS’s) public key. Since AS numbers are flat identifiers that do not impact routing scalability, the IPa+ design uses the hash of an AS’s public key as its self-certifying AS identifier in BGP.
The IPa+ design uses DNSSEC [5, 7, 6, 23] to publish the secure bindings between an address prefix and its authorized AS’s public key, as DNSSEC is being rapidly deployed by Internet registries [12]. A signed record in the reverse DNS zone (in-addr.arpa) serves as a lightweight certificate that secures a prefix-to-key binding. Routers may distribute these lightweight certificates as BGP attributes to secure routing. This design removes a significant deployment hurdle for securing BGP [17], as it obviates the need for an Internet registry to maintain an additional public key infrastructure. The secure binding between a key and an IP address prefix bootstraps accountability in the network. It enables an AS to authenticate both its routing announcements and packets originated from its network. An AS can run a secure routing protocol (e.g., sBGP [18]) to authenticate its routing announcements and prevent prefix hijacking and route forgery attacks. It can then use a source authentication system [20] that piggybacks a Diffie-Hellman key exchange in secure BGP announcements to allow ASes to share pair-wise secret keys. A source AS may use this key to authenticate packets originated from its network with low overhead [20]. Source authentication makes a sender accountable for its actions. It further enables simple DoS solutions that block attack traffic near its sources [22, 8, 30], and secure congestion policing mechanisms that prevent malicious flows from congesting the network to starve legitimate communications. We evaluate the feasibility of IPa+ using data downloaded from regional Internet registries (RIRs) (§ 3). Our analysis shows that the load on the Internet registries is manageable, as the number of daily address prefix allocations at each RIR is small. We also present a preliminary comparison between IPa+ and AIP in terms of their security features, deployability, and scalability.
Our study suggests that IPa+ provides nearly equivalent (if not stronger) security features to AIP and can be incrementally deployed on the IP network. It also requires fewer changes to the present Internet architecture, but some of the upgraded components (such as the access routers) in the IPa+ design implement more complicated functions.
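The origin check implied by the prefix-to-key binding and the self-certifying AS identifier, as an added sketch that is not code from the paper. Assumptions: SHA-256 as the hash, octet-aligned IPv4 reverse zones, the most specific binding wins, and the bindings are treated as already DNSSEC-validated, with announcement signatures already checked against the origin key; all keys and prefixes are constructed.

```python
import hashlib
import ipaddress

def as_identifier(public_key: bytes) -> str:
    """Self-certifying AS identifier: hash of the AS public key (SHA-256 assumed)."""
    return hashlib.sha256(public_key).hexdigest()

def reverse_zone(prefix: str) -> str:
    """in-addr.arpa zone name for an octet-aligned IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 prefixes are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def authorized_key(prefix: str, bindings: dict):
    """Key bound to the most specific reverse zone covering the prefix, or None."""
    net = ipaddress.ip_network(prefix)
    # Walk up the reverse tree: /24 zone, then /16, then /8.
    for plen in range(net.prefixlen - net.prefixlen % 8, 0, -8):
        zone = reverse_zone(str(net.supernet(new_prefix=plen)))
        if zone in bindings:
            return bindings[zone]
    return None

def check_announcement(prefix, origin_as_id, origin_key, bindings) -> str:
    """Verdict for a route origin claim against the prefix-to-key bindings."""
    if as_identifier(origin_key) != origin_as_id:
        return "id-mismatch"      # key does not hash to the claimed AS identifier
    bound = authorized_key(prefix, bindings)
    if bound is None:
        return "no-binding"       # no record covers this prefix
    if bound != origin_key:
        return "not-authorized"   # prefix is bound to a different AS key
    return "accept"

# Constructed sample data: stand-ins for validated records and public keys.
KEY_A = b"constructed-public-key-AS-A"
KEY_B = b"constructed-public-key-AS-B"
KEY_C = b"constructed-public-key-AS-C"
BINDINGS = {
    reverse_zone("10.1.0.0/16"): KEY_A,  # allocation held by AS A
    reverse_zone("10.1.2.0/24"): KEY_B,  # sub-allocation delegated to AS B
}

if __name__ == "__main__":
    for prefix, key in [("10.1.0.0/16", KEY_A), ("10.1.3.0/24", KEY_C)]:
        print(prefix, check_announcement(prefix, as_identifier(key), key, BINDINGS))
```

An origin that claims another AS's identifier fails the hash check, and one that announces under its own identifier fails the binding lookup, so both forms of prefix hijack are rejected without a separate PKI lookup.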
Similar resources
Holding the Internet Accountable
Today’s IP network layer provides little to no protection against misconfiguration or malice. Despite some progress in improving the robustness and security of the IP layer, misconfigurations and attacks still occur frequently. We show how a network layer that provides accountability, i.e., the ability to associate each action with the responsible entity, provides a firm foundation for defenses...
Accountability for Perfection
3 From the Editors trail documenting what the system is supposed to do (and not supposed to do), why the design should work, and what assumptions are being made. So, to hold software producers accountable, we need a mature discipline of forensics for computing systems and components. But getting there will require some radical changes in software development practices, since in addition to deli...
An Accountable Anonymous Data Aggregation Scheme for Internet of Things
The Internet of Things (IoT) has become increasingly popular in people’s daily lives. The pervasive IoT devices are encouraged to share data with each other in order to better serve the users. However, users are reluctant to share sensitive data due to privacy concerns. In this paper, we study the anonymous data aggregation for the IoT system, in which the IoT company servers, though not fully ...
Improving the Performance of RPL Routing Protocol for Internet of Things
The emerging Internet of Things (IoT) connects the physical world to the digital one and composes large networks of smart devices to support various applications. In order to provide a suitable communication in such networks, a reliable routing protocol is needed. In this paper, a modified version of an IPv6 Routing Protocol for Low-Power and Lossy networks (RPL), which has been standardized by...
A method to increasing the Quality of Service (QoS) in Wireless body area networks by providing a MAC layer Protocol based of Internet of Things
With the development of technology, the use of wireless telecommunication networks for the various affairs is essential. These networks are one of the safest and most widely used networks, for instance, in medical care and remote patient monitoring. What matters is the quality of service in these networks. The purpose of this paper is to increase packet transduction in a wireless body area netw...