Collaborative Research: CT-T: Towards a More Accountable Internet

Project Details

Lead PI

Performance Period

Jul 31, 2007 - Jul 30, 2012


International Computer Science Institute

Award Number

The goal of this project is to design, implement, and test an internetwork architecture called the Accountable Internet Protocol (AIP). AIP retains much of the elegance and simplicity of IP, but is far better equipped to thwart malicious adversaries. To provide this protection, AIP incorporates three kinds of accountability: source accountability, control-plane accountability, and data-plane accountability. Together, these three forms of accountability ensure that any host, router, and autonomous network can identify misbehaving components.

Operationally, this results in: an Internet in which any spoofing or forgery of source addresses is detectable (from source accountability); a partial defense against flooding attacks from compromised hosts (also from source accountability); an Internet where route hijacking and other security compromises to inter-domain routing are impossible (from control-plane accountability); and the ability for end hosts and operators to pinpoint locations where packets are being lost or excessively delayed even when the problems are in other networks (from data-plane accountability).

The cornerstone of AIP is its use of a self-certifying address format. All AIP addresses are of the form AD:EID, where AD is the identifier for the autonomous domain that the host belongs to, and EID is a globally unique host identifier. Both address components are derived from public keys held by the domain and host, respectively, allowing other entities to verify the authenticity and provenance of packets and messages. AIP's self-certifying addressing allows simple protocols to realize the above benefits.
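The following added example (not code from the AIP project) shows how a self-certifying AD:EID address lets a verifier detect a forged source without consulting any certificate authority. The derivation (SHA-256 truncated to 20 bytes), the Ed25519 keys, the hex address rendering and all function names are assumptions for illustration; the page says only that both components are derived from public keys.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Identifier derives an AD or EID from a public key. Assumption: SHA-256
// truncated to 20 bytes; the page says only "derived from public keys".
func Identifier(pub ed25519.PublicKey) []byte {
	sum := sha256.Sum256(pub)
	return sum[:20]
}

// Address renders AD:EID as hex (constructed textual form).
func Address(adPub, hostPub ed25519.PublicKey) string {
	return hex.EncodeToString(Identifier(adPub)) + ":" + hex.EncodeToString(Identifier(hostPub))
}

// VerifyFromEID accepts msg as coming from eid only if pub hashes to eid
// and sig is a valid signature over msg under pub. No CA is consulted.
func VerifyFromEID(eid []byte, pub ed25519.PublicKey, msg, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || !bytes.Equal(Identifier(pub), eid) {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// Demo uses freshly generated (constructed) keys and reports whether the
// verifier accepts the genuine host, a different key, and a forged signature.
func Demo() (genuine, otherKey, forgedSig bool) {
	hostPub, hostPriv, _ := ed25519.GenerateKey(nil)
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)
	eid, msg := Identifier(hostPub), []byte("constructed verifier nonce")
	genuine = VerifyFromEID(eid, hostPub, msg, ed25519.Sign(hostPriv, msg))
	otherKey = VerifyFromEID(eid, otherPub, msg, ed25519.Sign(otherPriv, msg))
	forgedSig = VerifyFromEID(eid, hostPub, msg, ed25519.Sign(otherPriv, msg))
	return
}

func main() {
	adPub, _, _ := ed25519.GenerateKey(nil)
	hostPub, _, _ := ed25519.GenerateKey(nil)
	fmt.Println("address:", Address(adPub, hostPub))
	fmt.Println(Demo())
}
```

Only the holder of the private key behind an EID passes both checks: a different key fails the hash binding, and a signature made with another private key fails verification under the genuine public key.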