Collaborative Research: CT-T: Towards a More Accountable Internet

$300,000 | FY2007 | CSE | NSF

International Computer Science Institute, Berkeley CA

Investigators

Abstract

Proposal Number: 0716342; PI: Scott Shenker; Institution: International Computer Science Institute, University of California Berkeley; Lead
Proposal Number: 0716278; PI: Nicholas Feamster; Institution: Georgia Institute of Technology; Sub
Proposal Number: 0716287; PI: David Andersen; Institution: Carnegie Mellon University; Sub
Proposal Number: 0716273; PI: Hari Balakrishnan; Institution: Massachusetts Institute of Technology; Sub

Title: Collaborative Research CT-T: Towards a More Accountable Internet

Abstract

The goal of this project is to design, implement, and test an internetwork architecture called the Accountable Internet Protocol (AIP). AIP retains much of the elegance and simplicity of IP, but is far better equipped to thwart malicious adversaries. To provide this protection, AIP incorporates three kinds of accountability: source accountability, control-plane accountability, and data-plane accountability. Together, these three forms of accountability ensure that any host, router, and autonomous network can identify misbehaving components.

Operationally, this results in: an Internet in which any spoofing or forgery of source addresses is detectable (from source accountability); a partial defense against flooding attacks from compromised hosts (also from source accountability); an Internet where route hijacking and other security compromises to inter-domain routing are impossible (from control-plane accountability); and the ability for end hosts and operators to pinpoint locations where packets are being lost or excessively delayed even when the problems are in other networks (from data-plane accountability).

The cornerstone of AIP is its use of a self-certifying address format. All AIP addresses are of the form AD:EID, where AD is the identifier for the autonomous domain that the host belongs to, and EID is a globally unique host identifier. Both address components are derived from public keys held by the domain and host, respectively, allowing other entities to verify the authenticity and provenance of packets and messages. AIP's self-certifying addressing allows simple protocols to realize the above benefits.