1. Challenge: Securing Routing Protocols Adrian Perrig perrig@cmu.edu

2. Why Secure Routing?  Deployed routing protocols assume a trusted environment!  Even misconfigurations can severely disrupt routing protocols  Secure routing properties  Reduce misconfiguration impact  Robust against compromised nodes (Byzantine failures)  Only legitimate nodes participate in forwarding  Prevent attackers from injecting bogus routes

3. Secure Routing Illustration G S B E C A D H F J I A B F

4. Secure Ad Hoc Network Routing Protocols  SEAD: Secure Efficient Ad hoc Distance vector routing protocol [WMCSA 2002]  Ariadne: secure on-demand routing protocol [Mobicom 2002]  New routing attacks  Wormhole attack [Infocom 2003]  Rushing attack  Joint work with Yih-Chun Hu and David Johnson

5. Secure Sensor Network Routing  Challenges  Energy constraints invite DoS attacks  Memory and bandwidth constraints prevent using sophisticated routing protocols  Compromised nodes may inject malicious messages or drop data traffic  Current approach: combine probabilistic routing with multi-path routing

6. Secure Internet Routing  Challenges  Legacy systems  Untrusted domains, complicated trust relationships  Even misconfigurations can significantly perturb Internet routing  Current project: use efficient cryptographic techniques to verify BGP routing updates

7. Research Directions  Today we enumerate attacks and protect against them  To start securing BGP, RPsec IETF working group is establishing a list of BGP vulnerabilities  We need to establish metrics  Allows comparison of protocols  Study security properties vs performance  Measure effectiveness of DoS attacks E.g., in sensor networks: attacker energy / network energy