The popularity of the current generation Internet protocols such as BGP and DNS is in no doubt. However, they are designed during an era where malicious intent was not considered as a serious issue to grapple with. Each domain administrator was able to manage and configure the administrative entities in that domain easily.

However, as the scale of the Internet grew rapidly, more so in recent years, such issues have come to the fore. Consider the example of BGP. It was identified that 8% of all BGP routes are erroneous. Similarly, attacks on the Internet have the potential to bring it down for a significant amount of time resulting in enormous economic loss. Attacks could be because of an incorrect configuration of routers or due to malicious intent or could be motivated by personal or economic considerations. For example, peer BGP routers could be configured so as to make certain routes preferable or non-preferable. A router can advertise incorrect routing updates resulting in wrong routing information at other routers. Hence, it is important that security issues be identified in the current generation Internet protocols.

Security weaknesses in routing protocols need not be solely due to incorrect routing information. An attacker can use the actual packet delivery phase, the data plane, to divert packets along routes that are different from the computed and advertised routes. These are much harder to detect in general.

The project aims to understand the security weaknesses in the currently used Internet protocols such as BGP and DNS and propose efficient mechanisms to address the identified weaknesses. While there has been lot of work in recent years in this direction, the practicality of the proposed schemes is a major concern. Many of the existing schemes make use of public key crypto-systems, such as RSA, that are not as practical compared to symmetry key systems. Moreover, the proposed mechanisms should properties such as being light-weight, provable secure, and incrementally deployable. The proposed mechanisms should be light-weight so that the additional computational or storage burden is kept as small as possible. Incrementally deployability is required so that the solution can be deployed even at a few routers and the new mechanism can continue to operate with the existing protocols.

People

• Bezawada Bruhadeshwar
• Kishore Kothapalli
• Sree Deepya
• M. Poornima
• H. Dhinngra

Publications

• Sreekanth Malladi, Bruhadeshwar Bezawada, and Kishore Kothapalli. Automatic analysis of distance bounding protocols, in Workshop on Foundations of Computer Security, 2009.
• K. Kothapalli, B. Bezawada, M. Poornima, Routing Security using Symmetric Keys, in Proc. of ARES 2009.
• K. Kothapalli, B. Bezawada, M. Sreedeepya, Reducing the cost of Establishing a Session Key, in Proc. of ARES 2009.
• B. Bezawada, K. Kothapalli, and H. Dinghra, A Framework for Shared Object Access with Applications, 2008.
• K. Kothapalli, B. Bruhadeshwar, S. Thorat, and A. Khandelwal. Payload Content Based Network Anomaly Detection, in Proc. of IEEE International Conference on the Applications of Digital Information and Web Technologies, 2008.
• K. Kothapalli, B. Bruhadeshwar, S. Thorat, and A. Khandelwal. Anomalous Packet Detection using Partitioned Payload in Journal of Information Assurance and Security, Vol 4, pp. 195--202, 2008.
• B. Bruhadeshwar and K. Kothapalli, A Family of Collusion-Resistant Protocols for Authentication, in Proc. of the International Conference on Distributed Computing and Networks (ICDCN), January 2008, Kolkata, India.

Tutorials

1. Security Issues and Challenges in Wireless Newtorks, Bezawada Bruhadeshwar and Kishore Kothapalli, at the fourth International Conference on Information Systems Security (ICISS 2008), Hyderabad, India, 2008.

Software

Coming soon...

Visitors

1. Dr. K. Sriram visited IIIT-H on Jully 23, 2009 and delivered a talk on Next Generation Internet Design with Robust Scalability and Security Features. Here is a copy of his slides.