Bootstrapping Accountability in the Internet We Have

Date Added: Oct 2010
Format: PDF

The lack of accountability makes the Internet vulnerable to numerous attacks, including prefix hijacking, route forgery, source address spoofing, and DoS flooding attacks. This paper takes a "Dirty-slate" approach to bring accountability to the present Internet with low-cost and deployable enhancements. The authors' design, IPA, uses the readily available top-level DNSSEC infrastructure and BGP to bootstrap accountability. They integrate it with a suite of security building blocks to combat various network-layer attacks. Their evaluation shows that IPA introduces modest overhead, is gradually deployable, and offers incentives for early adoption.