Thursday, March 17, 2005
4:15 pm
B17 Upson Hall

Computer Science
Spring 2005

Lakshmi Subramanian
UC Berkeley

Decentralized Security Mechanisms for Internet Routing

Today's Internet is at risk. A single misbehaving router--whether through misconfiguration or malicious intent--can hijack routes, bringing down over a third of the Internet. This critical vulnerability stems from the pervasive assumption inherent in existing protocols that any information propagated by routers is correct. Emerging security proposals for Internet routing require a public key infrastructure and a trusted central authority, and thus are unlikely to see wide deployment.

In this talk, I will first describe Listen and Whisper, two decentralized and deployable security mechanisms that improve the security of the Border Gateway Protocol (BGP), the current inter-domain routing protocol. Their combination eliminates the threat of route hijacking due to misconfigurations and restricts the damage that deliberate attackers can cause. Using a real-world deployment of these mechanisms within the Berkeley campus network, we have been able to detect several routing anomalies.

Then, I will show how these techniques can be extended to provide a foundational suite of security primitives to achieve secure routing in an arbitrary network against a bounded number of adversaries. These techniques address two open theoretical problems: (a) Under what constraints can one achieve decentralized key distribution given a bounded number of adversaries? (b) When can one achieve Byzantine agreement if the underlying graph is not known to the nodes?

Bio:  Lakshminarayanan Subramanian is currently a PhD candidate at UC Berkeley working with Professors Randy H. Katz, Ion Stoica and Scott Shenker. He received an M.S. in Computer Science from UC Berkeley in 2002 and a B.Tech in Computer Science from the Indian Institute of Technology, Madras in 1999. His research interests are in the areas of networking and distributed systems with specific emphasis on routing, network security, Internet architecture, overlay networks and quality of service.