TY - GEN
T1 - A distributed reputation approach to cooperative internet routing protection
AU - Yu, Harlan
AU - Rexford, Jennifer L.
AU - Felten, Edward William
PY - 2005
Y1 - 2005
N2 - The security of the Internet's interdomain routing system hinges on whether autonomous systems (ASes) can trust the information they receive from each other via the Border Gateway Protocol (BGP). Frequently, this trust has been misguided, resulting in wide-spread outages and significant concerns about future attacks. Despite the seriousness of these problems, proposals for a more secure version of BGP have been stymied by serious impediments to practical deployment. Instead, we argue that the existing trust relationships between network operators (and the institutions they represent) are a powerful force for improving the security of BGP, without changing the underlying routing protocol. Our approach leverages ideas from online reputation systems to allow ASes to form a peer-to-peer overlay that integrates results from local network-management tools for detecting attacks and configuration errors. The proposed architecture is incrementally deployable, protects against shilling attacks, and deters malicious operator behavior.
UR - http://www.scopus.com/inward/record.url?scp=33749060897&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33749060897&partnerID=8YFLogxK
U2 - 10.1109/NPSEC.2005.1532057
DO - 10.1109/NPSEC.2005.1532057
M3 - Conference contribution
AN - SCOPUS:33749060897
SN - 0780394275
SN - 9780780394278
T3 - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols
SP - 73
EP - 78
BT - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005
T2 - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols
Y2 - 6 November 2005 through 6 November 2005
ER -