Origin authentication in interdomain routing

William Aiello, John Ioannidis, Patrick McDaniel

Research output: Contribution to journalConference articlepeer-review

80 Scopus citations


Attacks against Internet routing are increasing in number and severity. Contributing greatly to these attacks is the absence of origin authentication: there is no way to validate claims of address ownership or location. The lack of such services enables not only attacks by malicious entities, but indirectly allow seemingly inconsequential miconfigurations to disrupt large portions of the Internet. This paper considers the semantics, design, and costs of origin authentication in interdomain routing. We formalize the semantics of address delegation and use on the Internet, and develop and characterize broad classes of origin authentication proof systems. We estimate the address delegation graph representing the current use of IPv4 address space using available routing data. This effort reveals that current address delegation is dense and relatively static: as few as 16 entities perform 80% of the delegation on the Internet. We conclude by evaluating the proposed services via traced based simulation. Our simulation shows the enhanced proof systems can reduce significantly reduce resource costs associated with origin authentication.

Original languageEnglish (US)
Pages (from-to)165-178
Number of pages14
JournalProceedings of the ACM Conference on Computer and Communications Security
StatePublished - 2003
EventProceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003 - Washington, DC, United States
Duration: Oct 27 2003Oct 31 2003

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Origin authentication in interdomain routing'. Together they form a unique fingerprint.

Cite this