Securing Routing in Open Networks Using Secure Traceroute

MSR-TR-2004-66 |

We consider the threat imposed on network routing in “open” networks such as community wireless networks. The key characteristic of such networks is that it is relatively easy for users (and attackers) to add routers, establish (possibly wireless) links, and advertise routes. We argue that the traditional focus on securing the routing protocol is insufficient to address the threats arising in this environment. It is also important to secure packet forwarding. To this end, we apply a secure traceroute protocol to detect and localize faulty packet forwarding, which can aid problem resolution either via automatic rerouting or via human action. We present a security analysis of the protocol, discuss our implementation of it in a community wireless network testbed, and show that secure traceroute imposes a negligible overhead on performance.