March 1 – 4 , 2015, Dagstuhl Seminar 15102
Secure Routing for Future Communication Networks
1 / 3 >
For support, please contact
Routing is a fundamental mechanism in communication networks, and its security is critical to ensure availability and to prevent attacks; however, developing and deploying secure routing mechanisms is still a challenge. Routing is the process by which information is passed via the communication network, from source to destination, via a series of intermediary nodes/routers. Routing attacks include route-hijacking, i.e., diverting traffic to an adversary-controlled router, and denial-of-service attacks exploiting the routing mechanism, i.e., preventing communication (in parts or the entire network), e.g., by malicious dropping of packets by a router.
Routing, and even more secure routing, are complex problems with many variants. In particular, the Internet is a federation of many domains (usually referred to as autonomous systems (ASes)), each managed by a separate organization; there are separate standard protocols for routing inside an AS (intra-domain routing) and for routing from a source in one AS to a destination in a different AS (inter-domain routing). Significant efforts are dedicated to securing intra-domain routing protocols and inter-domain routing protocols; in addition, significant efforts are also dedicated to the design of completely new Internet architectures that include secure routing mechanisms.
Another categorization of routing mechanisms and challenges involves mobility. Many routing protocols, including standard Internet routing, are designed for a mostly static topology, where connections between routers are relatively stable. However, communication is increasingly performed among mobile devices. There are many efforts and challenges in the design of (secure) routing mechanisms for highly mobile networks, e.g., between tiny wireless sensors, swarms of tiny robots, or simply mobile users (e.g., upon catastrophic failure to regular infrastructure).
There is also a need to re-evaluate and possibly re-design routing mechanisms and security measures, to address changes in the way the Internet is used, and in the presence of new security challenges. In particular, is there a need to adapt routing to facilitate, and/or take advantage of, cloud services, and to support security for them? Is there a need to adapt routing to the increased threat of Denial-of-Service attacks, or to facilitate widespread provision of Quality-of-Service? Should routing be modified to take into account energy considerations, or to take advantage of and facilitate Software Defined Networking (SDN)? If modifications are made for these goals, how does this affect routing systems’ attack surface? Finally, is there a need to modify routing and its security mechanisms, as a result of the recent revelations regarding the scope of abuse of routing by powerful nation-state adversaries?
In summary, to advance routing security in the aforementioned topic areas, a number of significant research problems need to be addressed, and identifying these problems was the goal of this seminar. The first objective was to facilitate brainstorming and exchange of ideas among experts working in different areas and types of secure networking, leading to an improved understanding of the different aspects of secure routing. The second objective was to identify the most important research challenges and to devise a roadmap towards addressing urgent issues. Through the seminar, we aimed at opening up new avenues of research in the area of routing security. For the given focus areas of the seminar, we contributed to the following key research challenges:
- Routing Security by Design for a Future Internet: the challenge was to overcome the limitations and confined models imposed by today’s Internet. Both clean slate as well as evolutionary approaches towards a secure-by-design future Internet were discussed.
- Inter-domain Routing Security and Intra-domain Routing Security: challenges addressed in inter-domain routing were the reconciliation of potentially conflicting security interests across multiple domains and resilience against recently published attacks. Intra-domain routing is underrepresented in research; here, the seminar aimed at identifying the key research challenges towards a research roadmap.
- Routing Security in Mobile/Wireless Networks, and in Delay- and Disruption-tolerant Networks: the main goal within the seminar was to identify possible ways to provide routing security in light of the severely limited resources and special characteristics of mobile and wireless systems.
- Quality of Service (QoS) and Denial of Service (DoS) aspects of Routing Security: the challenge was to jointly consider security considerations and QoS aspects, both in theory and practice.
To address these challenges, the seminar was organized in six working groups. They are presented in Section 4 of the report.
Creative Commons BY 3.0 Unported license
Amir Herzberg, Matthias Hollick, Allison Mankin, and Adrian Perrig
- Security / Cryptology
- World Wide Web / Internet
- Secure routing
- Communication networks
- Future internet
- Privacy and anonymity
- Mobile and wireless networks