Computer Science Department
School of Computer Science, Carnegie Mellon University
Don't Secure Routing Protocols,
Dan Wendlandt, Ioannis Avramopoulos*,
Internet routing and forwarding are vulnerable to attacks and misconfigurations that compromise secure communications between end-systems. Secure routing protocols have been extensively pursued as the means to counter these threats. In this paper, we argue that merely creating a secure routing protocol does not solve the core problems of secure communication, i.e., end-to-end confidentiality, integrity, and availability. We instead examine the underlying problem of creating a routing system that ensures availability, finding that the goals of secure routing can be better solved by a routing system that relies on multipath routing, end-to-end cryptography, availability monitoring, and path selection algorithms that redistribute traffic to circumvent routing failures. We term this system Availability-Centric Routing, or ACR. Our results demonstrate that even in limited deployment scenarios, ACR achieves significant resilience under powerful attacks without a secure control plane. ACR runs along-side BGP, rather than replacing it. It has low barriers to adoption, as it relies on widely available end-to-end cryptographic systems and data-plane functionality available in popular routers. We believe that ACR meets our goal of providing secure delivery without a secure routing protocol.
*Computer Science Department, Princeton University, Princeton, NJ