The Internet is thin-skinned. Malicious hosts and automated systems regularly pummel it with attacks, from route hijacking to source address spoofing and more. This past November, for example, the country of Myanmar dropped off the Internet for a week due to denial-of-service attacks, in which networks were overwhelmed by floods of illegitimate requests. In 2008, the Pakistan Telecom network accidentally hijacked YouTube worldwide while trying to block a single video, taking over the website's address by corrupting the Internet's routing table. The list goes on.
For over five years, Xiaowei Yang, an Assistant Professor in the Department of Computer Science, has studied the Internet's vulnerabilities and explored ways to make it more robust to failures and more resilient to attacks. Her research has led her to a single, pertinent conclusion: "The present Internet doesn't have accountability -- there is little support to identify a misbehaving entity and hold it responsible for its traffic," says Yang. Malicious hosts or networks, for example, can spoof IP addresses or assume the IP address blocks of reputable networks without punishment.
To form a foundation to instill such accountability, Yang and her students designed a mechanism called IP Made Accountable, or IPA. The design uses the present Internet architecture to enable a suite of security modules to identify sources of traffic and defend against malicious, or unrecognized, attacks.
The IPA design uses a pre-existing Internet system called DNSSEC to bind a network's cryptographic keys to the IP address prefix the network owns. These secure bindings are called IP prefix certificates, easily identifiable certificates that are then attached to any information sent out from that address using current routing systems. Networks receiving those routing messages can then validate the ownership based on the certificates and know their true origins. Yang and her students further developed a system that uses this secure routing exchange to enable a network to validate the source address of a data packet, thereby preventing source address spoofing attacks.
A crucial part of the new design is the ability to use it in conjunction with the current Internet infrastructure. "The main challenge is to propose changes that can be easily adopted into today's Internet architecture," says Yang. To do so, the system is lightweight: low cost, easily deployable through the use of present-day Internet protocols, and effective without using up too many resources.
Yang has already successfully evaluated IPA's performance through analysis and live Internet experiments. During one such test last August, however, a bug caused certain routers to fail to process the data, halting one percent of Internet traffic all over the world for about 30 minutes. A bug patch soon fixed the problem, says Yang. The incident showed just how fragile one of the Internet's core protocols really is, security experts said after the event.
Now that the system has been designed and tested, the next step is to spread the idea in the community. "I look forward to talking to people about it and exchanging ideas," says Yang. "We've been working on this for a long time," she adds with a laugh. "It's time to do some outreach."