3337 Klaus Advanced Computing Building
Network and Telecommunications Group
- Effectiveness of S*BGP Under Partial Deployment
In this project we address many questions that arise when S*BGP protocols (e.g. S-BGP, SoBGP, BGPsec, etc) are only partially deployd (i.e. when some ASes have deployed S*BGP, but others have not). By combining theoretical analyses with multiple large-scale simulations on empirical data, we address many important questions such as ``What security guarantees are achievable under partial deployment and how to quantify them?'', ``What new vulnerabilities are introduced into the interdomain routing system?'', ``Under what conditions are secure path-vector protocols guaranteed to converge even in presence of attackers?'', ``Which ASes are the most important to secure?'', and many more.
- S-BGP Security Analysis
The goal of this investigation is to provide the first provable-security treatment of the Secure Border Gateway Protocol (S-BGP).
We design a formal security model by studying, generalizing, and formalizing numerous known
threats in the context of path-vector routing protocols. We can show that although S-BGP
meets some security goals, it fails to prevent attacks that stem from export policy
violations and collusion. We study practical modifications to S-BGP to address all known
attacks in the the context of weaker security models and relaxed PKI requirements.
- Network Contracts and Accountability
The main challenge of this project is to study mechanisms that incentivize autonomous
systems (ASes) to meet their contractual obligations with respect to quality of service
(e.g. packet drops, delays, and/or jitter) and honestly report their failures when they do not.
We model the interactions between ASes with a game, in which ASes are the players, and study
their behaviors in the context of different topologies and payment schedules.
- Orchid : In-Band Network Fault Localization
We tackle the problem of network fault localization in presence of transient packet loss by embedding the diagnostic information about performance in the data traffic. The major
challenge is to design a light-weight, in-band protocol that can accurately localize network
faults even when the diagnostic information itself can be lost.
- SculpTE: Autonomous, Online Traffic Engineering
We address the problem of load-balancing network traffic in a way that is robust to link
failures and changes in demand while not requiring any a priori configuration. We
study a class of traffic engineering techniques that achieve responsiveness in a stable manner.
- Preserving Privacy in Public Transportation with Electronic Ticketing
Many public transportation systems have deployed electronic ticketing, but such technologies
do not preserve privacy of users. We present a suite of protocols for variable-rate
fare systems with electronic, stored-value ticketing that, while ensuring security of
payment for the transit authority, (1) provide efficient spending and purchasing while
hiding the balance of users' electronic travel tokens, (2) hide users' source of travel at
the destination and vice versa, and (3) hide users' start location and time of transfer
at the end point of transfer and vice versa.
- R. Lychev, S. Goldberg, M. Schapira, Is the Juice Worth the Squeeze? BGP Security in Partial Deployment, To appear in SIGCOMM'13.
- R. Lychev, S. Goldberg, M. Schapira, Network Destabilizing Attacks, Appeared as a brief announcement in PODC'12.
- A. Boldyreva, R. Lychev, Provable Security of S-BGP and other Path-Vector Protocols: Model, Analysis and Extensions, Appeared in CCS 2012.
- S. Sundaresan, R. Lychev, V. Valancius, Preventing Attacks on BGP Policies: One Bit is Enough, Technical Report GT-CS-11-07, Georgia Tech, 2011.
- R. Lychev, N. Feamster, Designing Enforceable Network Contracts , Technical Report GT-CS-09-02, Georgia Tech, 2009.
- S. Huang, R. Lychev, J. Yang, Stepping-Stone Detection via Request-Response Traffic Analysis , Proc. 4th International Conference ATC 2007.