DOI: 10.1145/2070562.2070577
research-article

Having your cake and eating it too: routing security with privacy protections

Published: 14 November 2011

Abstract

Internet Service Providers typically do not reveal details of their interdomain routing policies due to security concerns, or for commercial or legal reasons. As a result, it is difficult to hold ISPs accountable for their contractual agreements. Existing solutions can check basic properties, e.g., whether route announcements correspond to valid routes, but they do not verify how these routes were chosen. In essence, today's Internet forces us to choose between per-AS privacy and verifiability.
In this paper, we argue that making this difficult tradeoff is unnecessary. We propose private and verifiable routing (PVR), a technique that enables ISPs to check whether their neighbors are fulfilling their contractual promises to them, and to obtain evidence of any violations, without disclosing information that the routing protocol does not already reveal. As initial evidence that PVR is feasible, we sketch a PVR system that can verify some simple BGP policies. We conclude by highlighting several research challenges as future work.


        Information

        Published In

        HotNets-X: Proceedings of the 10th ACM Workshop on Hot Topics in Networks
        November 2011
        148 pages
        ISBN:9781450310598
        DOI:10.1145/2070562
        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. BGP
        2. accountability
        3. interdomain routing
        4. privacy
        5. security

        Qualifiers

        • Research-article

        Conference

        HOTNETS-X: Tenth ACM Workshop on Hot Topics in Networks
        November 14 - 15, 2011
        Massachusetts, Cambridge

        Acceptance Rates

        Overall Acceptance Rate 110 of 460 submissions, 24%
