Date of Original Version
12-28-2010
Type
Technical Report
Abstract or Table of Contents
We present the first Internet architecture designed for control and isolation. We propose to separate ASes into groups of independent routing sub-planes which then in-terconnect to form complete routes. Our architecture, SCI-FI, provides superior resilience and security properties as an intrinsic consequence of good design principles, without needing additional add-on protocols or external checks to provide resilience. Our security analysis shows that SCI-FI can naturally prevent several long-standing security plagues to existing interdomain routing protocols even with their semantics perfectly secured. Our evaluation results further demonstrate SCI-FI’s routing efficiency, path expressiveness, and substantial reliability improvements over existing (secured) routing protocols in the presence of malicious attacks.
Comments
CMU-CyLab-10-020