Internet Service Providers typically do not reveal details of their interdomain routing policies due to security concerns, or for commercial or legal reasons. As a result, it is difficult to hold ISPs accountable for their contractual agreements. Existing solutions can check basic properties, such as whether route announcements correspond to valid routes, but do not verify how these routes were chosen. In essence, today’s Internet forces one to choose between per-AS privacy and verifiability. In this paper, we argue that making this difficult tradeoff is unnecessary. We propose private and verifiable routing (PVR), a technique that enables ISPs to check whether their neighbors are fulfilling their contractual promises to them, and to obtain evidence of any violations, without disclosing information that the routing protocol does not already reveal. As initial evidence that PVR is feasible, we sketch a PVR system that can verify some simple BGP policies. We conclude by highlighting several research challenges as future work.
@inproceedings{eating-cake,
author = {Gurney, Alexander J.T. and Haeberlen, Andreas and Zhou, Wenchao and Sherr, Micah and Loo, Boon Thau},
booktitle = {ACM Workshop on Hot Topics in Networks (HotNets)},
title = {{Having your Cake and Eating it too: Routing Security with Privacy Protections}},
year = {2011}
}