Internet routing and forwarding are vulnerable to attacks and misconfigurations that compromise secure communications between end-systems. Secure routing protocols have been extensively pursued as the means to counter these threats. In this paper, we argue that merely creating a secure routing protocol does not solve the core problems of secure communication, i.e., end-to-end confidentiality, integrity, and availability. We instead examine the underlying problem of creating a routing system that ensures availability, finding that the goals of secure routing can be better solved by a routing system that relies on multipath routing, end-to-end cryptography, availability monitoring, and path selection algorithms that redistribute traffic to circumvent routing failures. We term this system Availability-Centric Routing, or ACR. Our results demonstrate that even in limited deployment scenarios, ACR achieves significant resilience under powerful attacks without a secure control plane. ACR runs along-side BGP, rather than replacing it. It has low barriers to adoption, as it relies on widely available end-to-end cryptographic systems and data-plane functionality available in popular routers. We believe that ACR meets our goal of providing secure delivery without a secure routing protocol.

15 pages

*Computer Science Department, Princeton University, Princeton, NJ

Return to: SCS Technical Report Collection
School of Computer Science

This page maintained by [email protected]