Abstract
The Internet is an interconnection of autonomous systems (ASes) that are mostly controlled by Internet service providers (ISPs). ASes use the Border Gateway Protocol (BGP) to communicate routing information in the form of reachability paths. However, BGP does not guarantee that the advertised reachability paths will be exactly followed. As a result, traffic belonging to a specific network can be intentionally dropped as it is routed by BGP through a malicious ISP, a behavior we define as Internet access denial. The impact of Internet access denial, especially when performed by higher-tier ISPs, is significant. In this work, network address translation (NAT) is used as a solution to overcome the Internet access denial problem by hiding the traffic identity. The proposed solution scales to large networks by using pools of IP addresses across several NAT routers. Moreover, the proposed solution addresses the server reachability problem that is associated with NAT routers by introducing a novel approach. The performance degradation of introducing NAT is significantly small, as shown by our experimental results.
| Original language | English |
|---|---|
| Pages (from-to) | 194-209 |
| Number of pages | 16 |
| Journal | Security and Communication Networks |
| Volume | 6 |
| Issue number | 2 |
| DOIs | |
| State | Published - Feb 2013 |
Bibliographical note
Funding Information: We thank seminar participants at Harvard, MIT, Stanford, the Tinbergen Institute and the 1995 Royal Economic Society meetings at the University of Canterbury—Kent. We are grateful to James Alt, Robert Barro, Olivier Blanchard, Paul Collier, Richard Cooper, Anne Krueger, John Leahy, Eric Maskin, Mancur Olson, Jeffrey Sachs, Andrei Shleifer, Andres Velasco and two anonymous referees. All errors are our own.
Keywords
- Internet access denial
- Internet availability
- Malicious ISP
- NAT
- Resilient Internet
ASJC Scopus subject areas
- Information Systems
- Computer Networks and Communications