Lecture 7
Clean-Slate Secure Network Design Introduction
Adrian Perrig
18-731: Network Security
Spring 2009

Overview

  • Administrative issues
  • Steelers victory
  • Any other issues?

Sample Reading Critique

HOLDING THE INTERNET ACCOUNTABLE

Summary: The paper basically says that today’s IP architecture does not provide any accountability, which leads attackers to be confident that they will not be identified or thwarted easily. Thus, in order to provide security, accountability is a must. AIP provides authenticity of routing messages and provenance of data packets, which makes attacks traceable or difficult to mount.

Things Learned: AIP detects and prevents spoofing of the source address; it also throttles unwanted messages by sending explicit “shut-off” messages, and detects unauthorized route advertisements. In order to detect forgeries or errors, and to provide origin and path authentication in routing messages, we need accountability in the control plane, and source accountability would make packet filters and intrusion detection and prevention systems more robust, as they don’t have to worry about source address forgeries. The addresses of hosts are in the form AD:EID, where AD is the autonomous domain and EID is the endpoint identifier. In order to make the address self-certifying, AD is the hash of the public key of the domain and EID is the hash of the public key of the corresponding host. Because of the self-certification of the addresses, the security mechanisms do not have to deal with undesirable trust relationships or manual configuration.

Suggestion/Improvements: For path verification, it suggests that each route advertisement should be signed by each AD along the path and that the receiving router should verify all the N-1 signatures. However, this will take a considerable amount of time, and the protocol will be beaten by performance. Each router that does not send packets often will have to get itself verified every time before sending packets, and it will also have to resend the first packet every time; this would again be inefficient.
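
An added example (not part of the lecture slides or of the AIP paper's own code) of the AD:EID self-certification described in the critique above: it derives an address from two public keys and reports which parts of a claimed address the presented keys fail to certify. The hash choice (SHA-256 truncated to 160 bits), the hex encoding and all function and key names are assumptions, and the key bytes are constructed placeholders.

```python
import hashlib
import hmac
import re

ID_HEX_LEN = 40  # assumption: identifiers are SHA-256 digests truncated to 160 bits
_ID_RE = re.compile(r"[0-9a-f]{%d}" % ID_HEX_LEN)

# Constructed stand-ins for encoded public keys (not real key material).
DOMAIN_KEY = b"constructed-domain-public-key"
HOST_KEY = b"constructed-host-public-key"
ATTACKER_KEY = b"constructed-attacker-public-key"


def key_id(public_key: bytes) -> str:
    """Identifier derived from a public key: the hash of its encoded bytes."""
    return hashlib.sha256(public_key).hexdigest()[:ID_HEX_LEN]


def make_address(domain_key: bytes, host_key: bytes) -> str:
    """Build AD:EID, where each part is the hash of the corresponding key."""
    return f"{key_id(domain_key)}:{key_id(host_key)}"


def parse_address(address: str) -> tuple[str, str]:
    """Split AD:EID and reject anything that is not two well-formed identifiers."""
    parts = address.lower().split(":")
    if len(parts) != 2 or not all(_ID_RE.fullmatch(p) for p in parts):
        raise ValueError(f"malformed AD:EID address: {address!r}")
    return parts[0], parts[1]


def mismatched_parts(address: str, domain_key: bytes, host_key: bytes) -> set[str]:
    """Return the address parts NOT certified by the presented keys.

    An empty set means both keys hash to the claimed address. That only binds
    keys to the address; the peer must still prove it holds the private key.
    """
    ad, eid = parse_address(address)
    failed = set()
    if not hmac.compare_digest(ad, key_id(domain_key)):
        failed.add("AD")
    if not hmac.compare_digest(eid, key_id(host_key)):
        failed.add("EID")
    return failed


if __name__ == "__main__":
    victim = make_address(DOMAIN_KEY, HOST_KEY)
    print(victim, mismatched_parts(victim, DOMAIN_KEY, HOST_KEY))
    print("spoofed EID:", mismatched_parts(victim, DOMAIN_KEY, ATTACKER_KEY))
```

No certificate authority or manual configuration is consulted at any point: the check needs only the claimed address and the keys the peer presents.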