Internet Routing Security: Past, Current, and Future

1
Internet Routing Security Past, Current, and
Future
S. Felix Wu Computer Science Department University
of California, Davis wu_at_cs.ucdavis.edu http//ww
w.cs.ucdavis.edu/wu/
2
Outline

• Routing security
• Secure Routing

3
Internet (1969 )

• Basic datagram service between one IP address and
  another

4
Internet (1969 )

• Basic datagram service between one IP address and
  another
• The End2End Principle

5
Internet (1969 )

• Basic datagram service between one IP address and
  another
• The End2End Principle

A
B
IPsec Tunneling, MobileIP
6
Internet (1969 )

• Basic datagram service between one IP address and
  another
• Routing is quite straightforward!

7
Internet (1969 )

• Basic datagram service between one IP address and
  another
• Routing exchanging the information regarding the
  address space and how to reach them.
• Routing versus Forwarding

8
Internet (1969 )

• Basic datagram service between one IP address and
  another
• Routing exchanging the information regarding the
  address space and how to reach them.
• Applications built on top of the services
• QoS over the Internet, still a challenge

9
Internet Infrastructure

• It enables many cool applications.
• Email, Web, IM, Skype, Google, Bittorrent,
  Infospace, LinkedIn,...

10
Internet Infrastructure

• It enables many cool applications.
• Email, Web, IM, Skype, Google, Bittorrent,
  Infospace, LinkedIn,...
• We are connected, at least in the IP address
  sense!!

11
Internet Infrastructure

• It enables many cool applications.
• Email, Web, IM, Skype, Google, Bittorrent,
  Infospace, LinkedIn,...
• We are connected, at least in the IP address
  sense!!
• Who is the hero to make all these possible?

12
BGP

• Border Gateway Protocol
• the inter-domain routing protocol for the
  Internet

13
BGP
AS6192
UCDavis 169.237/16

• Autonomous System (AS)
• A set of routers owned by one single system
  administrative domain
• Address Prefix
• Example
• AS6192 consists of routers in UC Davis
• UC Davis owns 169.237/16

14
BGP
AS6192
UCDavis 169.237/16

• How would I let the whole world know about
  169.237/16?
• I announce that I owned 169.237/16
• More importantly, how would anybody else in the
  Internet know how to send (or route, forward) a
  IP packet to 169.237/16?
• Others would know how to send packets to
  169.237/16

15
Peering ASes
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
Peering is a local/decentralized trust based on a
business contract!
16
AS6192
an AS Path 169.237/16 6192
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
17
AS6192 ? AS11423
an AS Path 169.237/16 11423? 6192
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
18
AS11423 ? AS11537
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
an AS Path 169.237/16 11537?11423? 6192
19
AS11537 ? AS513
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
an AS Path 169.237/16 513?11537?11423? 6192
20
Packet Forwarding
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
an AS Path 169.237/16 513?11537?11423? 6192
21
The Scale of the Internet
22
The Scale of the Internet

• 20464 Autonomous Systems
• 167138 IP Address Prefixes announced
• Every single prefix, and their dynamics, must
  be propagated to every single AS.
• Every single AS must maintain the routing table
  such that it knows how to route the traffic
  toward any one of the 167138 prefixes to the
  right destination.
• BGP is the protocol to support the exchange of
  routing information for ALL prefixes in ALL ASes.

23
The Internet
24
Semi-Good News

• Aggregation works (or worked)!
• An existing issue
• Multi-homing is countering the effort though.
• A new issue
• Routing on Flat-Labels (ROFL)

25
Not so sure news

• No hierarchy, no infrastructure, no tier-one
  service providers, no government censorship, no
  centralized managed DNS, no google, and no
  nothing!!

26
Not so sure news

• No hierarchy, no infrastructure, no tier-one
  service providers, no government censorship, no
  centralized managed DNS, no google, and no
  nothing!!
• And, we expect Internet works much better than
  today
• 40 billions nodes/ASes
• The whole Internet is a giant Sensor network

And, yet it needs to be scalable in every
measure.
27
BGP Security Issues
28
Origin AS in an AS Path

• UCDavis (AS-6192) owns 169.237/16 and AS-6192 is
  the origin AS
• AS Path 513?11537?11423? 6192
• 12654 13129 6461 3356 11423 6192
• 12654 9177 3320 209 11423 6192
• 12654 4608 1221 4637 11423 6192
• 12654 777 2497 209 11423 6192
• 12654 3549 3356 11423 6192
• 12654 3257 3356 11423 6192
• 12654 1103 11537 11423 6192
• 12654 3333 3356 11423 6192
• 12654 7018 209 11423 6192
• 12654 2914 209 11423 6192
• 12654 3549 209 11423 6192

12654
2914
7018
3549
3333
209
11537
3356
4637
11423
6192
29
Trust in BGP Updates
An BGP Update message consists of a sequence of
local trust relations. But, how to form the
global trust?
UCDavis 169.237/16
AS513
an AS Path 169.237/16 513?11537?11423? 6192
30
Security of BGP

• Authentication/validation of BGP update messages

AS513
an AS Path 169.237/16 513?11537?11423? 6192
How to validate? What to trust?
31
Trust Model in BGP??
AS513
an AS Path 169.237/16 513?11537?11423? 6192
32
Remember

• Internet, based on the E2E argument, has to be
  simple
• BGP has to be simple
• Security trust has to be simple

33
Remember

• Internet, based on the E2E argument, has to be
  simple
• BGP has to be simple.
• Security trust has to be simple.
• And, our minds have to be simple

34
Trust Model in BGP

• Naïve/unconditional trust

AS513
an AS Path 169.237/16 513?11537?11423? 6192
35
The bad news is

• The Internet community (e.g., IETF, Cisco, ATT,
  and their similar) wont fix the Internet until
  it breaks

36
And, the real good news is

• The Internet community (e.g., IETF, Cisco, ATT,
  and their similar) wont fix the Internet until
  it breaks

37
And, the real good news is

• The Internet community (e.g., IETF, Cisco, ATT,
  and their similar) wont fix the Internet until
  it breaks
• Internet will break!!
• It has broken a few times GLOBALLY!!

38
BGP
AS6192
UCDavis 169.237/16

• How would I let the whole world know about
  169.237/16?
• I announce that I owned 169.237/16
• More importantly, how would anybody else in the
  Internet know how to send (or route, forward) a
  IP packet to 169.237/16?
• Others would know how to send packets to
  169.237/16

39
BGP
AS6192
UCDavis 169.237/16

• How would I let the whole world know about
  169.237/16?
• I announce that I owned 169.237/16
• Prefix hijacking
• More importantly, how would anybody else in the
  Internet know how to send (or route, forward) a
  IP packet to 169.237/16?
• Others would know how to send packets to
  169.237/16

40
Origin AS Changes (OASC)

• Ownership UCDavis (AS-6192) owns 169.237/16 and
  AS-6192 is the origin AS
• Current
• AS Path 2914?209?11423? 6192
• for prefix 169.237/16

12654
2914
209
11423
6192
169.237/16
41
Origin AS Changes (OASC)

• Ownership UCDavis (AS-6192) owns 169.237/16 and
  AS-6192 is the origin AS
• Current
• AS Path 2914?209?11423? 6192
• for prefix 169.237/16
• New
• AS Path 2914?3011?273? 81
• even worse 169.237.6/24

12654
2914
209
3011
11423
273
6192
81
169.237/16
169.237.6/24
42
Origin AS Changes (OASC)

• Ownership UCDavis (AS-6192) owns 169.237/16 and
  AS-6192 is the origin AS
• Current
• AS Path 2914?209?11423? 6192
• for prefix 169.237/16
• New
• AS Path 2914?3011?273? 81
• even worse 169.237.6/24
• Which route path to use?

12654
2914
209
3011
11423
273
6192
81
169.237/16
169.237.6/24
43
Origin AS Changes (OASC)

• Ownership UCDavis (AS-6192) owns 169.237/16 and
  AS-6192 is the origin AS
• Current
• AS Path 2914?209?11423? 6192
• for prefix 169.237/16
• New
• AS Path 2914?3011?273? 81
• even worse 169.237.6/24
• Which route path to use?
• Legitimate or Abnormal??

12654
2914
209
3011
11423
273
6192
81
169.237/16
169.237.6/24
44
Lets extend it a little bit
45
Internet Global Failures

• AS7007 falsely de-aggregates 65000 network
  prefixes in 1997 and the east coast Internet was
  down for 12 hours.

AS6192
AS11423 (UC)
169.237/16 142.7.6/24 204.5.68/24 .
Black Hole
AS11537 (CENIC)
AS513
46
Active BGP Entries
47
Active BGP Entries
48
Active BGP Entries
49
Internet Global Failures

• How to fix it?

AS6192
AS11423 (UC)
169.237/16 142.7.6/24 204.5.68/24 .
Black Hole
AS11537 (CENIC)
AS513
50
New Prefix Rate-limiting

• For any given time window, a BGP peer can only
  introduce a X number of new IP prefixes.
• But, tier-1 ISPs will not be rate-limited.

51
New Prefix Rate-limiting

• For any given time window, a BGP peer can only
  introduce a X number of new IP prefixes.
• But, tier-1 ISPs will not be rate-limited.
• It worked/works, but

52
Origin AS Changes (OASC)

• Ownership UCDavis (AS-6192) owns 169.237/16 and
  AS-6192 is the origin AS
• Current
• AS Path 2914?209?11423? 6192
• for prefix 169.237/16
• New
• AS Path 2914?3011?273? 81
• even worse 169.237.6/24
• Which route path to use?
• Legitimate or Abnormal??
• It wont help if a specific prefix is
  hijacked!!

12654
2914
209
3011
11423
273
6192
81
169.237/16
169.237.6/24
53
BGP MOAS/OASC Events(IMW2001, Explanation ?
DSOM2003)
Max 10226 (9177 from a single AS)
54
Real-Time OASC Detection

• Low level events BGP Route Updates
• High level events OASC
• 1000 per day and max 10226 per day
• per 3-minutes window in real-time demo
• IP address blocks
• Origin AS in BGP Update Messages
• Different Types of OASC Events

55
Qua-Tree Representation of IP Address Prefixes
11
01
110001
110011
111001
111011
110000
110010
111000
111010
00110110
1001
10
00
169.237/16 10101001.11101101/16
AS
56
AS Representation
AS-6192
AS-7777
11
01
110001
110011
111001
111011
110000
110010
111000
111010
AS
00110110
1001
AS-81
10
00
AS-1
AS-15412
57
AS81 punched a hole on 169.237/16
yesterday AS-6192
victim
yesterday 169.237/16 today 169.237/16 169.237.6/
24
offender
today AS-81
58
OASC Event Types

• Using different colors to represent types of OASC
  events
• C type CSS, CSM, CMS, CMM
• H type H
• B type B
• O type OS, OM

59
Normal
60
AS15412 in April, 2001
61
April 6, 2001
AS15412 caused 40K MOAS/OASC events within 2
weeks
62
April 7-10, 2001
63
April 11-14, 2001
64
April 18-19, 2001 Again??
65
How to authenticate or validate?

• Authentication/validation of BGP update messages

AS513
an AS Path 169.237/16 513?11537?11423? 6192
66
SBGP

• PKI
• Every relationship is certified by related ASes
  (with some certificates issued by the CA).

67
Peering ASes
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
68
AS6192 ? AS11423
an AS Path 169.237/16 11423? 6192
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
69
AS11423 ? AS11537
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
an AS Path 169.237/16 11537?11423? 6192
70
AS11537 ? AS513
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
an AS Path 169.237/16 513?11537?11423? 6192
71
PKI and Global Trust

• Certificates for everyone and everything
• Verification through a chain of trust relationship

72
PKI and Global Trust

• Certificates for everyone and everything
• Verification through a chain of trust
  relationship
• BUT ?
• Is it reasonable to have a global PKI or any
  weaker form of centralized trust servers?
• Chicken and Egg problem
• which infrastructure depends on which?
• Internet ? Trust Service
• Trust Service ? Internet

73
SoBGP

• Distributed Registry
• Checking for Topology relationship
• Similar to DNS (and many others)
• Checking for binding between IP address and name

74
SoBGP

• Authentication/validation of BGP update messages

AS513
an AS Path 169.237/16 513?11537?11423? 6192
AS6192 owns 169.237/16 AS6192 peers with
AS11423 AS11423 peers with AS11537 AS11537 peers
with AS513
75
SoBGP

• Authentication/validation of BGP update messages

AS513
an AS Path 169.237/16 513?11537?11423? 6192
76
Peering ASes
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
AS6192 owns 169.237/16 AS6192 peers with
AS11423 AS11423 peers with AS11537 AS11537 peers
with AS513
77
AS6192 ? AS11423
an AS Path 169.237/16 11423? 6192
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
AS6192 owns 169.237/16 AS6192 peers with
AS11423 AS11423 peers with AS11537 AS11537 peers
with AS513
78
AS11423 ? AS11537
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
an AS Path 169.237/16 11537?11423? 6192
AS6192 owns 169.237/16 AS6192 peers with
AS11423 AS11423 peers with AS11537 AS11537 peers
with AS513
79
AS11537 ? AS513
UCDavis 169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)
AS513
an AS Path 169.237/16 513?11537?11423? 6192
AS6192 owns 169.237/16 AS6192 peers with
AS11423 AS11423 peers with AS11537 AS11537 peers
with AS513
80
AS6192 owns 169.237/16 AS6192 peers with
AS11423 AS11423 peers with AS11537 AS11537 peers
with AS513
81
SBGP vs SoBGP

• What is the difference?

82
AS6192 owns 169.237/16 AS6192 peers with
AS11423 AS11423 peers with AS11537 AS11537 peers
with AS513
83
(No Transcript)
84
Verification/Validation for the Truth

• Verifying the truth about the routing information
• SoBGP or SBGP
• But, MOAS/OASC
• Inherently, they assume that if EVERYTHING has
  been verified, then MOAS/OASC is irrelevant.

85
Descartes BGP

• A Conflict Detection and Response Framework for
  Inter-Domain Routing

au contraire de cela, même que je pensais à
douter de la vérité des autres choses, il suivait
très évidemment et très certainement que
j'étais. to the contrary, in the very act of
thinking about doubting the truth of other
things, it very clearly and certainly followed
that I existed. - René Descartes (1596-1650),
Le Discours de la Méthode, Quatrieme Partie
86
Origin AS Changes (OASC)

• Ownership UCDavis (AS-6192) owns 169.237/16 and
  AS-6192 is the origin AS
• Current
• AS Path 2914?209?11423? 6192
• for prefix 169.237/16
• New
• AS Path 2914?3011?273? 81
• For prefix 169.237/16

12654
2914
209
3011
11423
273
6192
81
169.237/16
87
Origin AS Change

• Without ANY centrally managed service
• DNS, PKI, BGP Certificate Authority
• That is the spirit of Inter-domain Internet
• Without ANY global management!
• We do NOT know which one is correct or incorrect
  as the ground truth ANSWER is not being provided!
• We dont have the oracle
• Then, how do we deal with this problem?

88
Descartes BGP

• Collaborative Conflict Detection and Resolution,
  while some of the collaborators might be
  malicious
• Every IP prefix

89
Prevention vs. Tolerance

• No invalid route will be allowed.
• SBGP
• The system can still work, to a certain degree,
  even with one or more invalid routes.

90
Byzantine/Persistent Failures

• Very expensive to prevent/eliminate
• You will need the ground truth!!

91
Byzantine/Persistent Failures

• Very expensive to prevent/eliminate
• You will need the ground truth!!
• An alternative approach
• We can NOT completely eliminate certain faults.
• But, those faults can not completely eliminate
  our service as well.

92
Conflict

• Ground Truth about a prefix ? absolute
• must rely on some centralized services
• Conflict ?relative
• Two peers disagree but we dont know which one is
  right

93
Descartes BGP
AS-6192
AS-81
169.237/16
169.237/16
94
12654
2914
209
3011
11423
273
6192
81
169.237/16
95
169.237/16
6192
11423
209
3011
273
2914
81
96
169.237/16
6192
11423
209
3011
273
2914
81
97
169.237/16
6192
11423
209
3011
273
2914
81
98
169.237/16
6192
11423
209
3011
273
2914
81
99
169.237/16
6192
11423
209
3011
273
2914
81
Traffic Split Line
100
Detectability Detector

• Which ASes can detect the conflict?
• Which ASes should raise the flag?

101
Who can detect??
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
102
Who can detect??
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
103
Who can detect??
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
6192
11423
209
3011
273
2914
81
104
Detector

• Who should be the detector?

6192
11423
209
3011
273
2914
81
105
Minimizing the detectors
169.237/16
6192
11423
209
3011
273
2914
81
81
6192
273?81
11423?6192
3011?273?81
209?11423?6192
106
Detector

• The AS detects the conflict and will not use the
  new conflicting BGP update.

6192
11423
209
3011
273
2914
81
107
169.237/16
6192
11423
209
3011
273
2914
81
Detector
81
6192
273?81
11423?6192
3011?273?81
169.237/16
209?11423?6192
108
Self-Stabilization

• Detection
• Who should detect it?
• Conflict resolution
• Who can possibly verify better than the detector?

109
169.237/16
Checker
Checker
6192
11423
209
3011
273
2914
81
Detector
3011?273?81
169.237/16
209?11423?6192
110
Local configuration and resolution
6192
81
If the checkers dont care, nobody else will.
169.237/16
Agreement
Conflict
Persistent Conflict
111
Assuming AS81 is faulty

• AS6192 (checker) confirms with local routing
  policies for 169.237/16.
• AS81 (checker) realizes that it made a mistake ?
  withdraw.

112
169.237/16
Checker
Checker
6192
11423
209
3011
273
2914
81
Detector
3011?273?81
169.237/16
209?11423?6192
113
169.237/16
Checker
Abnormal
6192
11423
209
3011
273
2914
81
Detector
3011?273?81
169.237/16
209?11423?6192
114
Self-Stabilization

• Transient/Simple Faults

115
But, what happens

• AS81 disagrees that it is at fault!
• It even believes that AS6192 is faulty.
• The basic service will NOT know the answer
• We really need outside help to resolve the
  problem completely.
• But, the basic service should still operate as
  much as possible before the resolution.

116
Who should the Network trust?
169.237/16
Checker
Checker
6192
11423
209
3011
273
2914
81
Detector
Skeptical Shared Trust
3011?273?81
169.237/16
209?11423?6192
117
Persistent Conflict

• How to resolve?

118
Management

• The right information to the management plane
• Before the issue is completely resolved, the
  Internet still operates to provide the basic
  service.

119
169.237/16
Checker
Checker
6192
11423
209
3011
273
2914
81
Detector
120
169.237.0/17
169.237.128/17
169.237.128/17
Checker
Checker
6192
11423
209
3011
273
2914
81
Detector
121
Local Decision
Outbound at source AS
0 or 1
IP Header
address restoration bit
IP Prefix P/n
b
Inbound at destination AS
n Network bits
32 n host bits
122
Descartes BGP Recovery

• All the ASes between AS81 AS6192 are aware of
  the persistent conflict for 169.237/16.
• No further new BGP prefix announcement under
  169.237/16 (e.g., 169.237.6/24) until the
  persistent conflict is removed by management
  plane.
• Application-level IP address re-mapping, based on
  some trust, is required.

123
Conflict Detection
prefix
124
Conflict Resolution
?
prefix
?
125
Persistent Conflict
?
prefix
?
126
Robustness against Persistent Fault

• The faults can not be eliminated completely
• Due to no ground truth within the basic service!
• But, the faults can not completely eliminate the
  basic service either!!
• We will still have enough/some bandwidth to run
  SNMP, DNS, and PKI, for instance.

127
of Detectors

• AS-15412 (30,088 affected prefixes)
• 933 detectors totally
• Average 8.88 per prefix
• AS-3549 detected 77

128
140.113.0.0/16 NCTU,Taiwan2001/04/06/5pm GMT
129
140.113.0.0/16 NCTU,Taiwan2001/04/07/1am GMT
Fault Line
130

• 73 BGP msg

131
83 BGP msg 40 D-BGP msg
132
Descartes BGPthe principle of ABCD

• A Anomalous Advertiser
• B Blocker
• C Checker
• D Detector

133
Routing Security?Secure Routing

• Routing security
• Make sure the basic IP service work correctly!
• Secure Routing
• Enhance Internet security via a better routing
  service!

134
Internet Infrastructure

• It enables many cool applications.
• Email, Web, IM, Skype, Google, Bittorrent,
  Infospace, LinkedIn,...
• We are connected, at least in the IP address
  sense!!

135
Internet Infrastructure

• It enables many cool applications.
• Email, Web, IM, Skype, Google, Bittorrent,
  Infospace, LinkedIn,...
• We are connected, at least in the IP address
  sense!!
• Many other forms of connections
• Peer2Peer, Friend2Friend, community

136
Internet Infrastructure

• It enables many cool applications.
• It enables many cool attacks.

137
Internet Infrastructure

• It enables many cool applications.
• It enables many cool attacks.
• David Clark on Morris Worms to DARPA in 1988

138
Internet Infrastructure

• It enables many cool applications.
• It enables many cool attacks.
• David Clark on Morris Worms to DARPA in 1988
  Internet is doing exactly what it supposed to do

139
We can not blame everything to Microsoft!

• It enables many cool applications.
• It enables many cool attacks.
• Worm, DDoS, spamming, phishing, (the list is
  still growing)

140
We can not blame everything to Microsoft!

• It enables many cool applications.
• It enables many cool attacks.
• Worm, DDoS, spamming, phishing, (the list is
  still growing)

Related to our Inter-domain routing today
141
We can not blame everything to Microsoft!

• It enables many cool applications.
• It enables many cool attacks.
• Worm, DDoS, spamming, phishing, (the list is
  still growing)

A
B
Is end2end security the right abstraction?
142
We can not blame everything to Microsoft!

• It enables many cool applications.
• It enables many cool attacks.
• Worm, DDoS, spamming, phishing, (the list is
  still growing)
• Spyware (I mainly blame Microsoft for this, but
  can we do something in the Internet
  infrastructure to ensure the information
  accountability across domains?)

143
BGP
AS6192
UCDavis 169.237/16

• How would I let the whole world know about
  169.237/16?
• I announce that I owned 169.237/16
• Prefix hijacking
• More importantly, how would anybody else in the
  Internet know how to send (or route, forward) a
  IP packet to 169.237/16?
• Others would know how to send packets to
  169.237/16

144
BGP
AS6192
UCDavis 169.237/16

• How would I let the whole world know about
  169.237/16?
• I announce that I owned 169.237/16
• Prefix hijacking
• More importantly, how would anybody else in the
  Internet know how to send (or route, forward) a
  IP packet to 169.237/16?
• Others would know how to send packets to
  169.237/16
• DDoS, Spam no receiver/owner controllability

145
DSL (Davis Social Links)
A
B

• Principle
• Communication should reflect the (social)
  relationship between the sender and the receiver,
  and the receiver should have ways to control
  that.
• Design
• Route discovery based on social keywords and
  their potential aggregation
• Separation of identity and routability
• Penalty and Reputation framework

F
A
B
F
F
146
The same message content

• M from Felix Wu
• M from Felix Wu via an IETF mailing list
• M from Felix Wu via Herve Debar

147
The same message content

• M from Felix Wu
• ? Probably a spam
• M from Felix Wu via an IETF mailing list
• ? Probably not interesting
• M from Felix Wu via Herve Debar
• ? Do I seriously want to keep the job?

148
This is nothing new!
A
B

• Principle
• Communication should reflect the (social)
  relationship between the sender and the receiver,
  and the receiver should have ways to control
  that.
• Design
• Route discovery based on social keywords and
  their potential aggregation
• Separation of identity and routability
• Penalty and Reputation framework

F
A
B
F
F
149
Social Routers
150
Social Routers
Proxy
151
Social Router Identity
Identity an X-bits string with a public key
152
Social Router Identity
Identity an X-bits string with a public key
The identity doesnt have to be globally
unique. There are many Felix Wu in this world,
but Herve wont be confused under different
social contexts.
153
Go beyond HIP

• Host Identity Protocol
• Separation of host identity and routable
  addresses

154
Go beyond HIP

• Host Identity Protocol
• Separation of host identity and routable
  addresses
• Host ? Person/Object
• Identification should be an application issue.
• Routing only provides services to forward packets
  to the IP address which can be mapped to the
  identity by the application!

155
A Social Link
representing a trust relationship
156
A Social Link
Without a social link, messages will be either
dropped or lower prioritized in the networking
layer
representing a trust relationship
157
A Social Link
The link can be revoked or downgraded at any time!
representing a trust relationship
158
Social Keywords
Soccer, BGP, Davis, California, Intrusion
Detection,
159
Social Keywords
Soccer, BGP, Davis, California, Intrusion
Detection,
Social keywords represents your interests and the
semantic/social interpretation of you (and your
identity).
160
Social Keywords
BGP, Intrusion Detection
Soccer, Davis, California
161
Social Keywords
Soccer, BGP, Davis, California, Intrusion
Detection, Liechtenstein
Social keywords represents your interests and the
semantic/social interpretation of you (and your
identity). Sometimes, it can be anything you like!
162
Incoming Route Discovery Messages
AND/OR expression
Soccer, BGP, Davis, California, Intrusion
Detection, Liechtenstein
Soccer, BGP, Davis, California, Intrusion
Detection, Liechtenstein
163
Incoming Route Discovery Messages
AND/OR expression
Soccer, BGP, Davis, California, Intrusion
Detection, Liechtenstein
Soccer, BGP, Davis, California, Intrusion
Detection, Liechtenstein a few extra
a bag of expected words
Accepted or not??
164
Routing Information Exchange
AND/OR expressions of keywords
165
Scalable, scalable, scalable???

• 40 billions of ASes or nodes
• Lots of keywords and keyword expressions

166
Keyword Aggregation
AND/OR expressions of keywords
167
Limited Resources
. . . .
168
M
Keywords and aggregated keywords
. . . .
content addressable emails
169
(No Transcript)
170
Remarks

• Routing security involves several complex issues
  without good definitive answers..
• We should really think about communication
  first, and then worry about the best routing
  framework to support it.
• E.g., P2P applications, hijacking, fairness,
  spam, phishing, penalty, matching with social
  networks, identity and receiver control