Secure and Policy-Compliant Source Routing
Abstract
In today’s Internet, inter-domain route control remains elusive; nevertheless, such control could improve the performance, reliability, and utility of the network for end users and ISPs alike.
While researchers have proposed a number of source routing techniques to combat this limitation, there has thus far been no way for independent ASes to ensure that such traffic does not circumvent local traffic policies, nor to accurately determine the correct party to charge for forwarding the traffic.
DESCRIPTION:
Platypus uses network capabilities, primitives that are placed within individual packets, to securely attest to the policy compliance of source routing requests.
Network capabilities are
i) Transferable: an entity can delegate capabilities to others,
ii) Composable: a packet may be accompanied by a set of capabilities,
iii) Cryptographically authenticated.
Capabilities can be issued by to any parties they know how to bill. Each capability specifies a desired transit point (called a waypoint), a resource principal responsible for the traffic, and a stamp of authorization.
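The following Python example is added here and is not code from the original page or from Platypus. It models how a waypoint could issue a capability secret, how a sender composes two capabilities into a route, and how each waypoint verifies its stamp and identifies the principal to bill; the HMAC-SHA256 construction, function names, keys and principals are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed construction (not specified on the page): HMAC-SHA256 is used
# both to derive the per-capability secret and to compute the stamp.

@dataclass(frozen=True)
class Capability:
    waypoint: str    # desired transit point
    principal: str   # resource principal billed for the traffic

def _encode(cap: Capability) -> bytes:
    # Length-prefix each field so ("a", "bc") and ("ab", "c") never collide.
    parts = [cap.waypoint.encode(), cap.principal.encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def issue_secret(master_key: bytes, cap: Capability) -> bytes:
    """Waypoint operator derives the per-capability secret it gives the customer."""
    return hmac.new(master_key, _encode(cap), hashlib.sha256).digest()

def stamp(secret: bytes, payload: bytes) -> bytes:
    """Holder of the secret binds the capability to one packet payload."""
    return hmac.new(secret, payload, hashlib.sha256).digest()

def verify_at_waypoint(name: str, master_key: bytes, route, payload: bytes):
    """Return the principal to bill, or None if no valid capability names this waypoint."""
    for cap, tag in route:
        if cap.waypoint != name:
            continue  # capability is addressed to another hop
        expected = stamp(issue_secret(master_key, cap), payload)
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            return cap.principal
    return None

# Constructed sample data: two ASes and one customer.
KEY_AS1, KEY_AS2 = b"as1-master-key-demo", b"as2-master-key-demo"
CAP1, CAP2 = Capability("AS1", "alice"), Capability("AS2", "alice")
S1, S2 = issue_secret(KEY_AS1, CAP1), issue_secret(KEY_AS2, CAP2)

def build_route(payload: bytes):
    """Compose two capabilities into one source route for this payload."""
    return [(CAP1, stamp(S1, payload)), (CAP2, stamp(S2, payload))]

if __name__ == "__main__":
    pkt = b"constructed payload"
    route = build_route(pkt)
    print(verify_at_waypoint("AS1", KEY_AS1, route, pkt))
    print(verify_at_waypoint("AS2", KEY_AS2, route, pkt))
    forged = [(Capability("AS1", "mallory"), route[0][1])]
    print(verify_at_waypoint("AS1", KEY_AS1, forged, pkt))
```

Under this assumed construction the stamp depends only on the derived secret, so handing that secret to a third party delegates the capability while the traffic stays billed to the original principal.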
Existing System
An increasing number of ASes have been connecting to the Internet through the BGP inter-domain routing protocol. With increasing stress on the scale of this system and increasing reliance on Internet connectivity, more participants demand additional functionality from inter-domain routing that BGP cannot handle.
For example, we believe that the recent trend towards multi-homed stub networks exhibits a likely intent to achieve fault-tolerant and load-balanced connectivity to the Internet.
However, BGP today offers route fail-over times as long as 15 minutes and very limited control over incoming traffic across multiple wide area paths.
More research literature and news media are calling for stemming malicious or erroneous routing announcements. We propose a policy control architecture, OPCA, that runs as an overlay network on top of BGP.
OPCA allows an AS to make route change requests at other, remote ASes to achieve faster route fail-over and provide capabilities to control traffic entering the local AS.
Proposed System
We present Platypus, an authenticated source routing system built around the concept of network capabilities, which allow for accountable, fine-grained path selection by cryptographically attesting to policy compliance at each hop along a source route.
Capabilities can be composed to construct routes through multiple ASes and can be delegated to third parties. Platypus caters to the needs of both end users and ISPs: users gain the ability to pool their resources and select routes other than the default, while ISPs maintain control over where, when, and whose packets traverse their networks.
We describe the design and implementation of an extensive Platypus policy framework that can be used to address several issues in wide-area routing at both the edge and the core, and evaluate its performance and security.
Our results show that incremental deployment of Platypus can achieve immediate gains.
Hardware Requirements
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 256 Mb.
Software Requirements:
• Operating system : Windows XP Professional.
• Front End : Visual Studio.Net 2005
• Coding Language : Visual C# .Net.