DOI: 10.1145/1402958.1402997

Accountable Internet Protocol (AIP)

Published: 17 August 2008

    Abstract

    This paper presents AIP (Accountable Internet Protocol), a network architecture that provides accountability as a first-order property. AIP uses a hierarchy of self-certifying addresses, in which each component is derived from the public key of the corresponding entity. We discuss how AIP enables simple solutions to source spoofing, denial-of-service, route hijacking, and route forgery. We also discuss how AIP's design meets the challenges of scaling, key management, and traffic engineering.

    Published In

    SIGCOMM '08: Proceedings of the ACM SIGCOMM 2008 conference on Data communication
    August 2008
    452 pages
    ISBN: 9781605581750
    DOI: 10.1145/1402958
    • ACM SIGCOMM Computer Communication Review, Volume 38, Issue 4
      October 2008
      436 pages
      ISSN: 0146-4833
      DOI: 10.1145/1402946
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. accountability
    2. address
    3. internet architecture
    4. scalability
    5. security

    Qualifiers

    • Research-article

    Conference

    SIGCOMM '08: ACM SIGCOMM 2008 Conference
    August 17 - 22, 2008
    Seattle, WA, USA

    Acceptance Rates

    Overall Acceptance Rate 554 of 3,547 submissions, 16%

    Article Metrics

    • Downloads (Last 12 months): 125
    • Downloads (Last 6 weeks): 7

    Cited By

    • (2024) A Memorable Communication Method Based on Cryptographic Accumulator. Electronics 13:6 (1081). DOI: 10.3390/electronics13061081. Online publication date: 14-Mar-2024
    • (2024) A Probabilistic and Distributed Validation Framework Based on Blockchain for Artificial Intelligence of Things. IEEE Internet of Things Journal 11:1 (17-28). DOI: 10.1109/JIOT.2023.3279849. Online publication date: 1-Jan-2024
    • (2023) DDoS Family: A Novel Perspective for Massive Types of DDoS Attacks. Computers & Security (103663). DOI: 10.1016/j.cose.2023.103663. Online publication date: Dec-2023
    • (2022) Preventing DDoS Flooding Attacks With Cryptographic Path Identifiers in Future Internet. IEEE Transactions on Network and Service Management 19:2 (1690-1704). DOI: 10.1109/TNSM.2022.3147511. Online publication date: Jun-2022
    • (2022) A Secure Authentication Mechanism for Multi-Dimensional Identifier Network. 2022 International Conference on Networking and Network Applications (NaNA) (163-168). DOI: 10.1109/NaNA56854.2022.00035. Online publication date: Dec-2022
    • (2022) Prevention of DrDoS Amplification Attacks by Penalizing the Attackers in SDN Environment. Advanced Information Networking and Applications (684-696). DOI: 10.1007/978-3-030-99587-4_58. Online publication date: 31-Mar-2022
    • (2022) Security Approaches to SDN-Based Ad hoc Wireless Network Toward 5G Communication. Software Defined Networking for Ad Hoc Networks (141-156). DOI: 10.1007/978-3-030-91149-2_7. Online publication date: 9-Feb-2022
    • (2021) Revitalizing the public internet by making it extensible. ACM SIGCOMM Computer Communication Review 51:2 (18-24). DOI: 10.1145/3464994.3464998. Online publication date: 10-May-2021
    • (2021) PAVI: Bootstrapping Accountability and Privacy to IPv6 Internet. IEEE/ACM Transactions on Networking 29:2 (695-708). DOI: 10.1109/TNET.2020.3047667. Online publication date: Apr-2021
    • (2021) APGS: An Efficient Source-Accountable and Metadata-Private Protocol in the Network Layer. IEEE Transactions on Information Forensics and Security 16 (1245-1260). DOI: 10.1109/TIFS.2020.3032294. Online publication date: 2021
