Stealth probing: Efficient data-plane security for IP routing

Ioannis Avramopoulos; Jennifer Rexford

Stealth probing: Efficient data-plane security for IP routing

Research output: Contribution to conference › Paper › peer-review

Abstract

IP routing is notoriously vulnerable to accidental misconfiguration and malicious attack. Although secure routing protocols are an important defense, the data plane must be part of any complete solution. Existing proposals for secure (link-level) forwarding are heavy-weight, requiring cryptographic operations at each hop in a path. Instead, we propose a light-weight data-plane mechanism (called stealth probing) that monitors the availability of paths in a secure fashion, while enabling the management plane to home in on the location of adversaries by combining the results of probes from different vantage points (called Byzantine tomography). We illustrate how stealth probing and Byzantine tomography can be applied in today’s routing architecture, without requiring support from end hosts or internal routers.

Original language	English (US)
Pages	267-272
Number of pages	6
State	Published - 2006
Event	2006 USENIX Annual Technical Conference - Boston, United States Duration: May 30 2006 → Jun 3 2006

Conference

Conference	2006 USENIX Annual Technical Conference
Country/Territory	United States
City	Boston
Period	5/30/06 → 6/3/06

All Science Journal Classification (ASJC) codes

Computer Science(all)

Cite this

@conference{a55a8c9545df47e99442d94d8f619cb1,

title = "Stealth probing: Efficient data-plane security for IP routing",

abstract = "IP routing is notoriously vulnerable to accidental misconfiguration and malicious attack. Although secure routing protocols are an important defense, the data plane must be part of any complete solution. Existing proposals for secure (link-level) forwarding are heavy-weight, requiring cryptographic operations at each hop in a path. Instead, we propose a light-weight data-plane mechanism (called stealth probing) that monitors the availability of paths in a secure fashion, while enabling the management plane to home in on the location of adversaries by combining the results of probes from different vantage points (called Byzantine tomography). We illustrate how stealth probing and Byzantine tomography can be applied in today{\textquoteright}s routing architecture, without requiring support from end hosts or internal routers.",

author = "Ioannis Avramopoulos and Jennifer Rexford",

note = "Funding Information: The authors would like to thank Constantinos Dovro-lis, Nick Feamster, Karthik Lakshminarayanan, Barath Raghavan, Alex Snoeren, and the anonymous reviewers for their invaluable feedback. Ioannis Avramopou-los has been supported by a grant from the New Jersey Center for Wireless and Internet Security and a wireless testbed project (ORBIT) grant from the National Science Foundation. Jennifer Rexford was supported by Homeland Security Advanced Research Project Agency grant 1756303. Publisher Copyright: {\textcopyright} 2006 USENIX Association. All rights reserved.; 2006 USENIX Annual Technical Conference ; Conference date: 30-05-2006 Through 03-06-2006",

year = "2006",

language = "English (US)",

pages = "267--272",

}

TY - CONF

T1 - Stealth probing

T2 - 2006 USENIX Annual Technical Conference

AU - Avramopoulos, Ioannis

AU - Rexford, Jennifer

N1 - Funding Information: The authors would like to thank Constantinos Dovro-lis, Nick Feamster, Karthik Lakshminarayanan, Barath Raghavan, Alex Snoeren, and the anonymous reviewers for their invaluable feedback. Ioannis Avramopou-los has been supported by a grant from the New Jersey Center for Wireless and Internet Security and a wireless testbed project (ORBIT) grant from the National Science Foundation. Jennifer Rexford was supported by Homeland Security Advanced Research Project Agency grant 1756303. Publisher Copyright: © 2006 USENIX Association. All rights reserved.

PY - 2006

Y1 - 2006

N2 - IP routing is notoriously vulnerable to accidental misconfiguration and malicious attack. Although secure routing protocols are an important defense, the data plane must be part of any complete solution. Existing proposals for secure (link-level) forwarding are heavy-weight, requiring cryptographic operations at each hop in a path. Instead, we propose a light-weight data-plane mechanism (called stealth probing) that monitors the availability of paths in a secure fashion, while enabling the management plane to home in on the location of adversaries by combining the results of probes from different vantage points (called Byzantine tomography). We illustrate how stealth probing and Byzantine tomography can be applied in today’s routing architecture, without requiring support from end hosts or internal routers.

AB - IP routing is notoriously vulnerable to accidental misconfiguration and malicious attack. Although secure routing protocols are an important defense, the data plane must be part of any complete solution. Existing proposals for secure (link-level) forwarding are heavy-weight, requiring cryptographic operations at each hop in a path. Instead, we propose a light-weight data-plane mechanism (called stealth probing) that monitors the availability of paths in a secure fashion, while enabling the management plane to home in on the location of adversaries by combining the results of probes from different vantage points (called Byzantine tomography). We illustrate how stealth probing and Byzantine tomography can be applied in today’s routing architecture, without requiring support from end hosts or internal routers.

UR - http://www.scopus.com/inward/record.url?scp=85077313871&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85077313871&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:85077313871

SP - 267

EP - 272

Y2 - 30 May 2006 through 3 June 2006

ER -

Stealth probing: Efficient data-plane security for IP routing

Abstract

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this