SECURE BORDER GATEWAY PROTOCOL USING TIGER ATTACKS
|
|
- Beverly Atkinson
- 5 years ago
- Views:
Transcription
1 SECURE BORDER GATEWAY PROTOCOL USING TIGER ATTACKS P.GIRIJA 1, G.SARANYA 2, S.KOUSALYA 3 1,2,3 ASSISTANT PROFESSOR-CSE A.S.L PAULS COLLEGE OF ENGINEERING AND TECHNOLOGY, Coimbatore Abstract Border Gateway Protocol (BGP) is vulnerable to routing attacks because of the lack of inherent verification mechanism. Several secure BGP schemes have been proposed to prevent routing attacks by leveraging cryptographic verification of BGP routing updates. In this paper, we present a new type of attacks, called TIGER, which aims to invalidate the proven security of these secure BGP schemes and allow ASes to announce forged routes even under full deployment of any existing secure BGP proposal. By launching TIGER attacks, malicious ASes can easily generate and announce forged routes which can be successfully verified by the existing secure BGP schemes. Furthermore, TIGER attacks can evade existing routing anomaly detection schemes by guaranteeing routing data-plane availability and consistency of control- and data-plane. Toward a new securing BGP scheme, we propose Anti-TIGER to detect and defend against TIGER attacks. Anti-TIGER enables robust TIGER detection by collaborations between ASes. In particular, we leverage Spread Spectrum Communication technique to watermark certain special probing packets, which manifest the existence of TIGER attacks. Anti-TIGER does not require any modifications in routing data-plane, therefore it is easy to deploy and incrementally deployable. We evaluate the effectiveness of TIGER and Anti-TIGER by experiments with real AS topologies of the Internet. Our experiment results show that TIGER attacks can successfully hijack a considerable number of prefixes. In the meanwhile, Anti-TIGER can achieve 100 percent detection ratio of TIGER attacks. 1 INTRODUCTION BORDER Gateway Protocol (BGP) is the defacto protocol to ensure the inter-as connectivity of the Internet. However, since BGP does not have built-in mechanisms to verify if a route is genuine, it suffers severe security plagues. Any AS (or BGP router) can announce a fake route, and its neighbors cannot verify if the route is valid. For example, on Feb. 24th, 2008, Pakistan Telecom (AS17557) started an unauthorized announcement of the prefix /24 [7]. One of Pakistan Telecom s upstream providers, PCCW Global (AS3491), forwarded this announcement to the rest of the Internet, resulting in the hijacking of YouTube traffic on a global scale for more than two hours. Many similar traffic backholes and interceptions with active routing attacks and mis-configurations have been reported [1], [2]. In TIGER attacks, which aims to launch routing attacks even with fully deployment of these proven secure BGP proposals. In TIGER, two ASes equipped with the existing BGP security mechanisms collude to generate forged routing paths, whose signatures can be successfully verified by other ASes. That is, with TIGER, any pair of colluding ASes can invalidate the existing idealized BGP security proposals and launch routing attacks at will, e.g., generating routing blackholes or attracting traffic. For example, in Fig. 1, TIGER routers in AS3 and AS6 collude to build a tunnel session between them and generate a fake BGP link AS3-AS6 over the tunnel. In the meanwhile, they encapsulate the traffic from AS1 to AS7. Thus, AS1 cannot perceive the existence of the tunneled ASes, i.e., AS4, AS8, and AS7, in the traffic forwarding path to AS7. Through the tunnel session, AS3 and AS6 also can obtain the signatures of the routing updates from each other, which allow them to re-announce the routing updates with the correct signatures generated by S- BGP or BGPsec. For example, as shown in Fig. 1, AS1 receives a routing update announcing the fake routing path {AS3, AS6}. In the meanwhile, AS1 can identify its real data-plane path to AS6 by probing packets, e.g., using trace route. Since the colluding ASes can encapsulate the probing packets, the forwarding route returned by trace route is valid and consistent with the routing updates. 2 BACKGROUND: BGP SECURITY 2.1 Objectives of Attacking BGP Routing black holes Traffic interceptions Economic incentives 90
2 2.2 Securing BGP Proposals Aims to provide similar security guarantee, i.e., authenticating prefix origin and routing paths 3 DESIGN OF TIGER 3.1 TIGER: Stealthy Routing Attacks (1) Routers in the colluding ASes, i.e., R1 in ASx and R3 in ASy, build tunnels, e.g., IP-in-IP tunnels [29], Generic Routing Encapsulation (GRE) tunnels [12], or Layer two Tunnel protocol (L2TP) tunnels [31], between themselves. With the tunneled traffic, R1 and R3 have a virtual link between them. (2) R1 and R3 build a BGP session (called a TIGER session) with each other with the tunnel link ASx-ASy. That is, the network operators in ASx sets R3 as R1 s BGP peer in BGP session configuration, and the operator in ASy sets R1 as R3 s BGP peer in BGP session configuration. 4 DETECTING TIGER ATTACKS: ANTI- TIGER 4.1 Challenges in Detecting TIGER 1) Valid signatures for forged routing paths. TIGER attacks allow colluding ASes to generate fake links with valid signatures with traditional secure BGP proposals [15], [20], [26], [32], [35], thus produced forged routing paths also have valid signatures from the point view of victim ASes. Therefore, these fake routing paths can be successfully verified and adopted by the ASes deployed with the existing secure BGP proposals, e.g., S-BGP and BGPsec. 2) Tunneled forged routing paths. Traditional routing anomaly detection schemes use probing packets to check the data-plane availability and consistency between control- and data-planes. Under TIGER attacks, all traffic including probing packets from victim ASes to the specific destinations are tunneled and hijacked by colluding ASes. Hence, all intermediate ASes are invisible to the victim ASes and they cannot identify any anomaly in routing by probing. Therefore, these routing anomaly detection mechanisms also cannot detect TIGER attacks. Furthermore, probing packets may be tampered by adversary ASes to evade attack detection. Hence, any detection result may not be trusted to victim ASes. 3) Verifiable data-plane availability for forged routing paths. 4.2 Overview of Anti-TIGER Key Observations There is a fundamental difference between a forged routing path generated by the TIGER attack and its genuine routing path the forged routing path uses one or more fake links produced by tunnels to deliver control- and data-plane traffic. All the intermediate ASes in the tunnel between ASx and ASy are involved in forwarding traffic from ASx to ASy or from ASy to ASx. However, if ASx-ASy is a genuine link, the traffic between ASx and ASy should be sent directly to each other Design Overview To address these issues, we propose Anti- TIGER, a monitoring service deployed in each AS to detect TIGER attacks. After deployed, Anti-TIGER connects the BGP routers in the AS to learn routing updates and monitors the traffic delivered by them, which is similar to deployment of route view routers to monitor routing updates [4]. 5 DESIGN OF ANTI-TIGER 5.1 NAG Construction Anti-TIGER constructs the NAG of each AS with AS-level topology according to routing updates with different prefixes (destinations), which is similar to existing AS graph construction schemes for routing attack detection [12]. 5.2 Suspicious Traffic Detection In Anti-TIGER, two types of traffic are treated as suspicious traffic: the traffic is apparently tunneled by tunnel protocols, such as IP-in-IP tunnels [29], GRE tunnels [12], and L2TP tunnels [31], or the traffic is manipulated and the traffic payload cannot be identified, e.g., payloads are encrypted. These traffic can be easily identified by the existing techniques, such as Netflow [3] DSSS-Based Packet Watermarking Anti-TIGER uses Direct Sequence Spread Spectrum [33] to transport watermark TIGER detection traffic between ASes. With this technique, the detection traffic is embedded into normal data flow such that only desired ASes can identify and capture the information captured in the watermark. This evades the interference from possible colluding ASes during detection TIGER Detection Protocol In order to accurately and robustly detect TIGER attacks, we use a three-way protocol in TIGER identification, which includes two rounds of challenge and response operations. (i) Synchronization. Intermediate AS ASi that has detected suspicious traffic uses PN code Pt to encode 91
3 atermark and send report traffic to the closest victim AS ASz that appears in its NAG. Consider that encoding watermark into normal user traffic may add jitter to the traffic, ASi can generate and encode traffic to different specific destinations and ensure that all these traffic gets into ASz. Since the watermarked traffic is disguised as normal legitimate traffic, the colluding AS (ASy) cannot detect this communication. (ii) Acknowledgement. ASz receives the watermarked traffic and uses pre-shared PN code to decode the watermark. In general, they can use a set of PN codes to decode the watermarked traffic in parallel. Successful traffic decoding means that both ASes use the correct Pr (where Pt ¼ Pr) in the set of PN codes. Then, ASz can easily identify the sending AS. As acknowledgement, ASz generates a watermark and encodes it into traffic with PN code P0 t. The traffic destination ensures that ASi can capture the traffic. (iii) Identification. ASi captures the watermarked acknowledgement traffic from ASz using PN code P TIGER Defense Once an AS notices that it is a victim AS under a TIGER attack, its Anti-TIGER service generates a routing update to the BGP routers within the same AS. These routers can modify their routing policies by filtering routing updates to corresponding destinations, e.g., ASy in Fig. 3. This timely defends against the forged routing paths announced by ASy, and triggers routing path reselection, e.g., by assigning low preference values to the forged routing path in its routing table [16]. 5.5 Attacks to Anti-TIGER Routing Inconsistency Attack Since Anti- TIGER leverages routing graphs for attack detection, it may be vulnerable to routing inconsistency attacks proposed in [14], where ASes announce shorter routing paths while using longer routing paths. Countermeasure. The detection mechanisms used in Anti- TIGER can be used to identify the routing inconsistency attacks. Similar to TIGER attacks, the routing inconsistency attacks cannot be prevented by existing secure BGP proposals since an announced shorter routing path in these attacks is authentic. It assume that link AS3-AS6 really exists. By launching an attack, AS3 announces the routing path {AS3, AS6} but uses the routing path {AS3, AS4, AS8, AS7, AS6}. Although the announced shorter routing path has correct routing signatures, the routing path is still not legitimate because the routing path is not used for data forwarding. It is easy to see that the victim AS1 and the intermediate AS4 can collaborate to detect the routing inconsistency attacks using our three-way detection protocol Random Packet Delaying and Dropping Colluding ASes may randomly increase traffic jitter or drop some traffic between intermediate ASes and victim ASes so that they can interfere in TIGER detection over convert channels between them. sending to interfere in communications between intermediate ASes and victim ASes. Countermeasure. Normally, each AS in the Internet is at least two-connected [9], [14], [12], which means that one AS cannot completely control the connectivity of its customer ASes (i.e., downstream ASes). That is, it can select more than one neighbor to send watermarked traffic according its NAG. Note that, the traffic watermarked by PN code P0 r at a victim AS at the acknowledgement stage should be directly sent to a colluding AS to infer TIGER existence. The watermarked traffic can be set with different destinations and sent to different neighbors to guarantee that the corresponding ASes can receive the signals and reduce the possibility of interference from colluding ASes Routing Dropping Attack In order to evade detections by Anti-TIGER deployed in intermediate ASes, colluding ASes can maliciously drop routing updates such that the intermediate ASes cannot construct complete NAGs. Countermeasure. Basically, as we discussed above, each AS in the Internet is at least two-connected, thus it can easily learn the link connecting colluding ASes and victim ASes by routing updates from other ASes. Hence, the effectiveness of this attack is limited. Actually, colluding ASes do not have incentives to launch such type of attacks because it may not have any effectiveness but impact their own routes. Specifically, to achieve routing dropping attacks, colluding ASes want to drop routing updates from all their direct and indirect downstream ASes that specify the existence of the links connecting the colluding and victim ASes. 7 EXPERIMENTAL EVALUATION OF TIGER AND ANTI-TIGER CAPABILITY 7.1 Methodology Internet topology. We use two different measured Internet AS topologies in our experiments. 92
4 We use the measured 830- node AS topology from the SSFNet project that is obtained from BGP routing table,3 which is referred to as the 830-set topology, and the measured real Internet AS topology from a CAIDA dataset4 to generate the graph of ASes. In the CAIDA topology, we focus on all the 34 ASes that contribute to the Router-Views repository and their neighbor ASes, which is referred to as the rv-set topology. These two topologies include tier-1 ASes, tier-2 ASes and other ASes, and the relationships between these ASes can set according to the CAIDA AS relationship report. Due to the limitations of inferring AS relationships [10], [11], the Internet AS topology constructed from CAIDA includes many isolated links. We remove these links in our experiments, and the resulting AS topology forms a sparse graph. Table 1 shows the number of links in these two subgraphs. Even though with these two subgraphs, we already obtain interesting observation and validate Anti-TIGER s effectiveness. It simulate BGP routing polices on the Internet topology according to Gao-Rexford conditions [13]. Basically, ASes prefer routes from their customer ASes over from their peer ASes, and prefer routes from peer ASes over from provider ASes. For routes announced by the same type of ASes, they adopt routes with shorter path length. With these routing policies, each AS node can compute its routing paths to the rest of the Internet. Note that, due to the routing policy constraints, the graphs cannot ensure connectivity between all node pairs. TIGER attacks. We use three different strategies to launch TIGER attacks. We select 10 AS pairs with different outdegree in the 830-set and rv-set subgraph as colluding ASes to launch TIGER attacks. We select 20 ASes with high and low outdegrees, and randomly select 10 AS pairs as well, which are referred to as high-attack, low-attack, random-attack, respectively. These ASes complies with the constraints that they have more than three neighbors. We investigate the number of ASes in the graph that are impacted by the attacks and measure the number of routing paths in each node that are hijacked by the TIGER attacks. Anti-TIGER. In the experiments, we assume that all ASes deploy Anti-TIGER services and each AS builds its own NAG. Traffic between colluding ASes downstream ASes is delivered by the intermediate ASes concealed by the colluding ASes. We also assume that the colluding ASes delivery traffic hijacked from the victim ASes, which ensures that intermediate ASes can catch the tunneled traffic. In particular, we evaluate the effectiveness of Anti- TIGER with collaborations between all intermediate ASes and the victim ASes that are direct downstream nodes of the colluding ASes. 7.2 The Impacts of TIGER Attacks In this experiment, we evaluate the number of hijacked routing paths over which their traffic is hijacked. TIGER only hijacks routing paths at 17 percent nodes in the low-attack scenario. Since the colluding ASes in the scenario are lower tier ASes and has less customer ASes, and thus they hijack less routing paths. We observe that, in the random-attack and high attack scenarios, TIGER hijacks most nodes routing paths in the topology. Only about 11 percent nodes routing paths are not impacted by the TIGER attacks. There are 72 and 44 percent nodes in the rvset graph that have at least one routing path hijacked in the random-attack and high-attack scenarios. In the randomattack and high-attack scenarios, 23,932 are 108,422 routing paths are hijacked the TIGER attacks. Similar to the results in the 830-set topology, as AS in the random-attack scenario has more routing paths hijacked than ASes in the high-attack scenario. One thousand six hundred thirty three routing paths are hijacked in the AS. Note that, the number of hijacked routing paths by TIGER attacks may be restricted by the limitations of the inferred real AS topology. Many real ebgp links are missed in these AS topology [10]. These links may be highly preferred victim ASes to deliver packets. Therefore, colluding ASes may hijack more routing paths if TIGER attacks are launched in the whole Internet. 7.3 Anti-TIGER Effectiveness In this experiment, we evaluate if Anti- TIGER can effectively detect TIGER attacks and investigate the detection ratio with different depths of NAG (the x value the diameter of NAGs constructed by ASes). Recall that each AS needs to construct and maintain its NAG to identify victim ASes and then detect TIGER existence. Similarly, Anti-TIGER can achieve over 90 percent detection ratio if 2-NAG are constructed in each AS. Moreover, we evaluate the minimal diameters that ensure at least one AS can detect each hijacked routing path. We find that all hijacked routing paths can be detected by maintaining five-nag and nine- NAG in the ASes in these two AS graphs, respectively, if in absence of attacks to Anti-TIGER. We believe that Anti-TIGER can achieve similar results of TIGER detection If it is deployed in the 93
5 Internet that have more ebgp connectivity for each AS. 7.4 Effectiveness of TIGER Detection under Dropping and Delaying Attacks In this experiment, we evaluate the detection ratio in the presence of routing dropping attacks, i.e., packet dropping and delaying attacks. These attacks impact TIGER detection because colluding ASes hinder the three-way detection protocol between intermediate and victimases. Here, we consider three attack scenarios: (i) forward: packets from intermediate ASes to victim ASes are dropped or delayed by the colluding ASes; (ii) reverse: packets from victim ASes to intermediate ASes are dropped or delayed by the colluding ASes; and (iii) bidirectional: packets in both directions are dropped or delayed by the colluding ASes. We also consider the impact of x values on TIGER detections under these attacks. 7.5 Overhead of Anti-TIGER In the meanwhile, an AS needs to share PN codes with all ASes that appear in its NAGs. Normally, a smaller value of x means that a NAG constructed in the AS only includes fewer ASes, which means that a smaller overhead is required to store the PN codes shared with these ASes. In our experiment, for one AS, we use 2 bytes memory to store the PN codes shared with each of other ASes in its NAG. In the 830-set AS graph, if each AS constructs two-nag, 90 percent ASes only use less than 800 bytes to store the PN codes. For a better detection ratio, ASes need to have larger NAGs, e.g., constructing eight-nag can reach near 100 percent detection ratio (in the absence of packet dropping and delaying attacks). 9 CONCLUSION To propose TIGER attacks that successfully invalidate existing BGP security schemes, e.g., S- BGP and BGPsec. Internet ASes can easily hijack prefixes by launching TIGER attacks even though the network is fully deployed with BGP security schemes. In the meanwhile, existing routing anomaly detection schemes also fail to detect this new type of attacks. To address this issue, we propose Anti- TIGER to detect and defend against TIGER. Anti- TIGER is implemented with an efficient and robust three-way detection protocol by leveraging a traffic watermark technique, i.e., Direct Sequence Spread Spectrum. Anti-TIGER is implemented with an efficient and robust three-way detection protocol by leveraging a traffic watermark technique, i.e., Direct Sequence Spread Spectrum. Our experimental studies show that Anti-TIGER can easily and accurately identify TIGER attacks in presence of interference from adversary ASes. We hope that this paper will force a rethink of secure BGP security design and shed light on designing a secure Internet routing. REFERENCES [1] China s 18-minute mystery. [Online]. Available: com/blog/2010/11/chinas- 18-minute-mystery.shtml, [2] Defending against BGP man-in-the-middle attacks. [Online]. Available: blackhat- 09.pdf, [3] Detecting IPv6 tunnels in an enterprise network. [Online]. Available: 37/ps6553/white_p aper_c html, [4] The route view project. [Online]. Available: routeviews.org/, [5] Stealing the internet: An internet-scale man in the middle attack. [Online]. Available: dc16- presentations/defcon-16-pilosov- kapela.pdf, 2008 [6] TEAM CYMRU BGP/ASN analysis report. [Online]. Available: [7] Youtube hijacking: A RIPE NCC RIS case study. [Online]. Available: [8] H. Ballani, P. Francis, and X. Zhang, A study of prefix hijacking and interception in the internet, in Proc. Conf. Appl., Technol., Archit., Protocols Comput. Commun., 2007, pp [9] O. Bonaventure, C. Filsfils, and P. Francois, Achieving sub-50 milliseconds recovery upon BGP peering link failures, IEEE/ ACM Trans. Netw., vol. 15, no. 5, pp , Oct [10] K. Chen, D. R. Choffnes, R. Potharaju, Y. Chen, F. E. Bustamante, D. Pei, and Y. Zhao, Where the sidewalk ends: Extending the internet as graph using traceroutes from P2P users, in Proc. 5 th Int. Conf. Emerging Netw. Experiments Technol., 2009, pp [11] X. Dimitropoulos, D. Krioukov, M. Fomenkov, B. Huffaker, Y. Hyun, k. claffy, and G. Riley, As relationships: Inference and validation, SIGCOMMComput. Commun. Rev., vol. 37, pp , [12] D. Farinacci, T. Li, S. Hanks, D. Meyer, and P. Traina, Generic routing encapsulation (GRE), RFC 2784, [13] L. Gao and J. Rexford, Stable internet routing without global coordination, IEEE/ACM Trans. Netw., vol. 9, no. 6, pp , Dec
6 [14] S. Goldberg, S. Halevi, A. D. Jaggard, V. Ramachandran, and R. N. Wright, Rationality and traffic attraction: Incentives for honest path announcements in BGP, in Proc. ACM Conf. Appl., Technol., Archit., Protocols Comput. Commun., 2008, pp [15] G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, and A. Rubin, Working around BGP: An incremental approach to improving security and accuracy of interdomain routing, in Proc. ISOC Netw. Distrib. Syst. Security Symp., 2003, pp [16] X. Hu and Z. M. Mao, Accurate real-time identification of IP prefix hijacking, in Proc. IEEE Symp. Security Privacy, 2007, pp [17] Y.-C. Hu, A. Perrig, and D. B. Johnson, Packet leashes: A defense against wormhole attacks in wireless networks, in Proc. Conf. Comput. Commun., 2003, pp [18] G. Huston and R. Bush, (Jun. 2011). Securing BGP with BGPsec, The ISP Column. [Online]. Available: about/ac123/ac147/archived_issues/ipj_14-2/142_bgp.html [19] J. Karlin, S. Forrest, and J. Rexford, Pretty good BGP: Improving BGP by cautiously adopting routes, in Proc. IEEE Int. Conf. Netw. Protocols, vol. 14, no. 2, 2006, pp [20] S. Kent, C. Lynn, and K. Seo, Secure border gateway protocol, IEEE J. Sel. Areas Commun., vol. 18, no. 4, pp , Apr [21] N. Kiyavash, A. Houmansadr, and N. Borisov, Multi-flow attacks against network flow watermarking schemes, in Proc. USENIX Secur. Symp., 2008, pp [22] M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang, PHAS: A prefix hijack alert system, in Proc. USENIX Secur. Symp., 2006, p. 12. [23] Q. Li, Y.-C. Hu, and X. Zhang, Even rockets cannot make pigs fly sustainably: Can BGP be secured with BGPsec? in Proc. NDSS Workshop Security Emerging Netw. Technol., 2014, pp [24] Q. Li, M. Xu, J. Wu, P. Lee, X. Shi, D.-M. Chiu, and Y. Yang, A unified approach to routing protection in IP networks, IEEE Trans. Netw. Serv. Manag., vol. 9, no. 3, pp , Sep [25] Q. Li, X. Zhang, X. Zhang, and P. Su, Invalidating idealized BGP security proposals and countermeasure es, Graduate School at Shenzhen, Tsinghua University, Shenzhen, China, Tech. Rep No , [26] E. M. Lepinski, BGPSEC Protocol Specification, Internet-Draft draftietf- sidr-bgpsec-protocol-03.txt, IETF Secretariat, May [27] Y. J. Pyun, Y. Park, D. S. Reeves, X. Wang, and P. Ning, Intervalbased flow watermarking for tracing interactive traffic, Comput. Netw., vol. 56, pp , [28] Y. Rekhter, T. Li, and S. Hares, A border gateway protocol 4 (BGP-4), RFC 4271, [29] W. Simpson, IP in IP tunneling, RFC 1853, [30] L. Subramanian, V. Roth, I. Stoica, S.Shenker, and R. Katz, Listen and whisper: Security mechanisms for BGP, in Proc. 1st Symp. Netw. Syst. Design Implementation, 2004, p
Even Rockets Cannot Make Pigs Fly Sustainably: Can BGP be Secured with BGPsec?
Even Rockets Cannot Make Pigs Fly Sustainably Can BGP be Secured with BGPsec? Qi Li ETH Zurich qi.li@inf.ethz.ch Yih-Chun Hu UIUC yihchun@illinois.edu Xinwen Zhang Huawei Research xinwenzhang@gmail.com
More informationEvaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System
Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System Evaluation of Prefix Hijacking Impact Based on Hinge-Transmit Property of BGP Routing System School of Computer,
More informationSecuring BGP Networks using Consistent Check Algorithm
Securing BGP Networks using Consistent Check Algorithm C. K. Man, K.Y. Wong, and K. H. Yeung Abstract The Border Gateway Protocol (BGP) is the critical routing protocol in the Internet infrastructure.
More informationMeasuring and Analyzing on Effection of BGP Session Hijack Attack
Measuring and Analyzing on Effection of BGP Session Hijack Attack ZHAO JINJING 1,2, LI YUANLING 1,2, LIU LI 1,2 1 National Key Laboratory of Science and Technology on Information System Security 2 Beijing
More informationBalanced Peer Lists: Towards a Collusion-Resistant BGP
Balanced Peer Lists: Towards a Collusion-Resistant BGP Yan Li Department of Computer Sciences The University of Texas at Austin Austin, Texas 78712 Email: yanli@cs.utexas.edu Mohamed G. Gouda Department
More informationThe Implementation of BGP Monitoring, Alarming, and Protecting System by a BGP-UPDATE-Based Method using ECOMMUNITY in Real Time
The Implementation of BGP Monitoring, Alarming, and Protecting System by a BGP-UPDATE-Based Method using ECOMMUNITY in Real Time Je-kuk Yun 1, Beomseok Hong 2, and Yanggon Kim 3 1 Information Technology,
More informationInter-domain routing validator based spoofing defence system
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2010 Inter-domain routing validator based spoofing defence system Lei
More informationKeywords: fingerprinting; flow watermarking; dynamic watermark; proactive network security.
2016 International Conference on Information Engineering and Communications Technology (IECT 2016) ISBN: 978-1-60595-375-5 SoftMF: A Software Defined Moving Fingerprinting Framework for Proactive Security
More informationOn the State of the Inter-domain and Intra-domain Routing Security
On the State of the Inter-domain and Intra-domain Routing Security Mingwei Zhang April 19, 2016 Mingwei Zhang Internet Routing Security 1 / 54 Section Internet Routing Security Background Internet Routing
More informationInterdomain routing CSCI 466: Networks Keith Vertanen Fall 2011
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011 Overview Business relationships between ASes Interdomain routing using BGP Advertisements Routing policy Integration with intradomain routing
More informationUnderstanding Resiliency of Internet Topology Against Prefix Hijack Attacks
Understanding Resiliency of Internet Topology Against Prefix Hijack Attacks Mohit Lad Ricardo Oliveira Beichuan Zhang Lixia Zhang Abstract A prefix hijack attack involves an attacker announcing victim
More informationA Configuration based Approach to Mitigating Man-inthe-Middle Attacks in Enterprise Cloud IaaS Networks running BGP
A Configuration based Approach to Mitigating Man-inthe-Middle Attacks in Enterprise Cloud IaaS Networks running BGP Stephen Brako Oti Isaac Bansah Tonny M. Adegboyega ABSTRACT Cloud IaaS service providers
More informationA DISTRIBUTED APPROACH FOR DETECTING WORMHOLE ATTACK IN WIRELESS NETWORK CODING SYSTEM
A DISTRIBUTED APPROACH FOR DETECTING WORMHOLE ATTACK IN WIRELESS NETWORK CODING SYSTEM Ms. Nivethitha N, Mr. NandhaKumar S, Ms. Meenadevi M Student, Dept. of Comp. Sci., Dhanalakshmi Srinivasan Engineering
More informationInter-domain Routing(BGP) Security [IP Prefix Hijacking] Akmal Khan
Inter-domain Routing(BGP) Security [IP Hijacking] Akmal Khan [raoakhan@mmlab.snu.ac.kr] 4-15-2010 2 Outline Introduction Types of IP Hijacking Internet Routing Data Sources Tools of the Trade Past Research
More informationNetwork Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:
Network Forensics: Network OS Fingerprinting Prefix Hijacking Analysis Scott Hand September 30 th, 2011 Outline 1 Network Forensics Introduction OS Fingerprinting 2 Prefix Hijacking Theory BGP Background
More informationBGP Security via Enhancements of Existing Practices
IEEE International Conference on Communications 2009 1 BGP Security via Enhancements of Existing Practices Xiaoliang Zhao, David T. Kao * Abstract Border Gateway Protocol (BGP) is the de-facto inter-domain
More informationVirtual Multi-homing: On the Feasibility of Combining Overlay Routing with BGP Routing
Virtual Multi-homing: On the Feasibility of Combining Overlay Routing with BGP Routing Zhi Li, Prasant Mohapatra, and Chen-Nee Chuah University of California, Davis, CA 95616, USA {lizhi, prasant}@cs.ucdavis.edu,
More informationAn Expectation-Based Approach to Policy-Based Security of the Border Gateway Protocol
2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS): GI 2016: 9th IEEE Global Internet Symposium An Expectation-Based Approach to Policy-Based Security of the Border Gateway Protocol
More informationSecuring the Internet at the Exchange Point Fernando M. V. Ramos
Securing the Internet at the Exchange Point Fernando M. V. Ramos 18.09.2017 Securing the Internet at the Exchange Point Fernando M. V. Ramos 18.09.2017 There are vulnerabilities in the Internet architecture
More informationNetwork Security: Routing security. Aapo Kalliola T Network security Aalto University, Nov-Dec 2012
Network Security: Routing security Aapo Kalliola T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Structure of internet 2. Routing basics 3. Security issues 4. Attack 5. Solutions
More informationAn Efficient Algorithm for AS Path Inferring
An Efficient Algorithm for AS Path Inferring Yang Guoqiang and Dou Wenhua National Univernity of Defence Technololy, China yanggq@nudt.edu.cn Abstract Discovering the AS paths between two ASes are invaluable
More informationAn Analysis on Selective Dropping Attack in BGP
An Analysis on Selective Dropping Attack in BGP Ke Zhang Department of Computer Science University of California, Davis Email: kezhang@ucdavisedu Xiaoliang Zhao USC/ISI Email: xzhao@isiedu SFelix Wu Department
More informationAparna Rani Dept. of Computer Network Engineering Poojya Doddappa Appa College of Engineering Kalaburagi, Karnataka, India
Capturing the Origins of IP Spoofers Using Passive IP Traceback Aparna Rani Dept. of Computer Network Engineering Poojya Doddappa Appa College of Engineering Kalaburagi, Karnataka, India aparna.goura@gmail.com
More informationA Survey of BGP Security Review
A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border
More informationDetection of Invalid Routing Announcement in the Internet Λ
Detection of Invalid Routing Announcement in the Internet Λ Xiaoliang Zhao, Dan Pei, Lan Wang, Dan Massey, Allison Mankin, S. Felix Wu,Lixia Zhang y Abstract Network measurement has shown that a specific
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
Gayatri Chavan,, 2013; Volume 1(8): 832-841 T INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK RECTIFIED PROBABILISTIC PACKET MARKING
More informationListen and Whisper: Security Mechanisms for BGP
Listen and Whisper: Security Mechanisms for BGP Lakshminarayanan Subramanian UC Berkeley Joint work with: Volker Roth, Ion Stoica, Scott Shenker, Randy Katz BGP Route Verification BGP speakers blindly
More informationExperience with SPM in IPv6
Experience with SPM in IPv6 Mingjiang Ye, Jianping Wu, and Miao Zhang Department of Computer Science, Tsinghua University, Beijing, 100084, P.R. China yemingjiang@csnet1.cs.tsinghua.edu.cn {zm,jianping}@cernet.edu.cn
More informationVarious Anti IP Spoofing Techniques
Various Anti IP Spoofing Techniques Sonal Patel, M.E Student, Department of CSE, Parul Institute of Engineering & Technology, Vadodara, India Vikas Jha, Assistant Professor, Department of CSE, Parul Institute
More informationTowards A Practical and Effective BGP Defense System
Towards A Practical and Effective BGP Defense System Douglas Comer, Parmjeet Singh, and Subramanian Vasudevan Abstract At the center of the Internet, major ISPs use the Border Gateway Protocol (BGP) to
More informationbgpand - Architecting a modular BGP4 Attack & Anomalies Detection Platform
bgpand - Architecting a modular BGP4 Attack & Anomalies Detection Platform Mayank Bhatnagar TechMahindra Limited, SDF B-1, NSEZ, Noida-201305, India E-mail : mayank.bhatnagar2@techmahindra.com Abstract
More informationRAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with
RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides
More informationFlooding Attacks by Exploiting Persistent Forwarding Loops
Flooding Attacks by Exploiting Persistent Forwarding Jianhong Xia, Lixin Gao, Teng Fei University of Massachusetts at Amherst {jxia, lgao, tfei}@ecs.umass.edu ABSTRACT In this paper, we present flooding
More informationBetter Interdomain Path Diversity with BGP Path Splicing
Better Interdomain Path Diversity with BGP Path Splicing Murtaza Motiwala, Nick Feamster, Santosh Vempala College of Computing, Georgia Tech 1. Introduction Today s interdomain routing protocol, Border
More informationBamboozling Certificate Authorities with BGP
Bamboozling Certificate Authorities with BGP Henry Birge-Lee Princeton University Jennifer Rexford Princeton University Yixin Sun Princeton University Prateek Mittal Princeton University Anne Edmundson
More informationProtecting DNS from Routing Attacks -Two Alternative Anycast Implementations
Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations Boran Qian StudentID 317715 Abstract The Domain Names System (DNS) is an important role of internet infrastructure and supporting
More informationIncentives for Honest Path Announcement in BGP
Rationality and Traffic Attraction Incentives for Honest Path Announcement in BGP $ Sharon Goldberg Shai Halevi Aaron D. Jaggard Vijay Ramachandran Rebecca N. Wright University University SIGCOMM 2008
More informationROUTE RELIABILITY RANKING ALGORITHM FOR PREFIX HIJACKING ATTACKS IN BORDER GATEWAY PROTOCOL
VOL., NO., JUNE 5 ISSN 89-668 6-5 Asian Research Publishing Network (ARPN). All rights reserved. ROUTE RELIABILITY RANING ALGORITHM FOR PREFIX HIJACING ATTACS IN BORDER GATEWAY PROTOCOL C. Siva and S.
More informationEffective Cluster Based Certificate Revocation with Vindication Capability in MANETS Project Report
Effective Cluster Based Certificate Revocation with Vindication Capability in MANETS Project Report Mandadapu Sravya M.Tech, Department of CSE, G. Narayanamma Institute of Technology and Science. Ch.Mandakini
More informationA hybrid IP Trace Back Scheme Using Integrate Packet logging with hash Table under Fixed Storage
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 12, December 2013,
More informationMOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS
MOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS Albert Cabellos-Aparicio and Jordi Domingo-Pascual * Technical University of Catalonia, Department of Computer Architecture
More informationEnhancing the Trust of Internet Routing with Lightweight Route Attestation
1 Enhancing the Trust of Internet Routing with Lightweight Route Attestation Qi Li, Student Member, IEEE, Mingwei Xu, Member, IEEE, Jianping Wu, Fellow, IEEE, Xinwen Zhang, Member, IEEE, Patrick P. C.
More informationPreventing Attacks on BGP Policies: One Bit is Enough
Preventing Attacks on BGP Policies: One Bit is Enough Srikanth Sundaresan, Robert Lychev, Vytautas Valancius Georgia Institute of Technology {srikanth, robert.lychev, valas}@gatech.edu Technical Report
More informationAS-CRED: Reputation Service for Trustworthy Inter-domain Routing
AS-CRED: Reputation Service for Trustworthy Inter-domain Routing Krishna Venkatasubramanian Computer and Information Science University of Pennsylvania ONR MURI N00014-07-1-0907 Review Meeting June 10,
More informationAvoiding Blackhole Attacks Using CBDA Approach in MANETS
Avoiding Blackhole Attacks Using CBDA Approach in MANETS Aurhors- Ms.Shireen S, Mr.Kiranbabu T S, Assit.prof. Abstract: In mobile ad hoc networks the main requirement is building the connection between
More informationSCION: Scalability, Control and Isolation On Next-Generation Networks
SCION: Scalability, Control and Isolation On Next-Generation Networks Xin Zhang, Hsu-Chun Hsiao, Geoff Hasker, Haowen Chan, Adrian Perrig, David Andersen 1 After years of patching, the Internet is Reliable
More informationCNT Computer and Network Security: BGP Security
CNT 5410 - Computer and Network Security: BGP Security Professor Kevin Butler Fall 2015 Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means
More informationMITIGATING DENIAL OF SERVICE ATTACKS IN OLSR PROTOCOL USING FICTITIOUS NODES
MITIGATING DENIAL OF SERVICE ATTACKS IN OLSR PROTOCOL USING FICTITIOUS NODES 1 Kalavathy.D, 2 A Gowthami, 1 PG Scholar, Dept Of CSE, Salem college of engineering and technology, 2 Asst Prof, Dept Of CSE,
More informationA Secure Cooperative Bait Detection Approach for Detecting and Preventing Black Hole Attacks In MANETS Using CBDS Shireen Sultana 1, Swati Patil 2
A Secure Cooperative Bait Detection Approach for Detecting and Preventing Black Hole Attacks In MANETS Using CBDS Shireen Sultana 1, Swati Patil 2 1 PG Student, Department of Computer Science and Engineering,
More informationIntroducción al RPKI (Resource Public Key Infrastructure)
Introducción al RPKI (Resource Public Key Infrastructure) Roque Gagliano rogaglia@cisco.com 4 Septiembre 2013 Quito, Equator 2011 Cisco and/or its affiliates. All rights reserved. 1 Review of problem to
More informationSecurity in inter-domain routing
DD2491 p2 2011 Security in inter-domain routing Olof Hagsand KTH CSC 1 Literature Practical BGP pages Chapter 9 See reading instructions Beware of BGP Attacks (Nordström, Dovrolis) Examples of attacks
More informationOn the Characteristics of BGP Multiple Origin AS Conflicts
1 On the Characteristics of BGP Multiple Origin AS Conflicts Kwan-Wu Chin School of Electrical, Computer and Telecommunications Engineering University of Wollongong Northfields Avenue, NSW, Australia kwanwu@uow.edu.au
More informationComprehensive Solution for Anomaly-free BGP
Comprehensive Solution for Anomaly-free BGP Ravi Musunuri, Jorge A. Cobb Department of Computer Science, The University of Texas at Dallas, Richardson, TX-7083-0688 musunuri, cobb @utdallas.edu Abstract.
More informationTDMA-Based Detection of Packet Modification Attacks in Wireless Sensor Networks 1
, pp.40-46 http://dx.doi.org/10.14257/astl.2016.142.07 TDMA-Based Detection of Packet Modification Attacks in Wireless Sensor Networks 1 Hae Young Lee and Hyung-Jong Kim Department of Information Security
More informationComputer Science 461 Final Exam May 22, :30-3:30pm
NAME: Login name: Computer Science 461 Final Exam May 22, 2012 1:30-3:30pm This test has seven (7) questions, each worth ten points. Put your name on every page, and write out and sign the Honor Code pledge
More informationJu-A A Lee and Jae-Hyun Kim
Ju-A A Lee and Jae-Hyun Kim Wireless Information & Network Engineering Research Lab, Korea {gaia, jkim}@ajou.ac.kr Abstract. IEEE 802.11i standard supports a secure access control for wireless LAN and
More informationInternet measurements: topology discovery and dynamics. Renata Teixeira MUSE Team Inria Paris-Rocquencourt
Internet measurements: topology discovery and dynamics Renata Teixeira MUSE Team Inria Paris-Rocquencourt Why measure the Internet topology? Network operators Assist in network management, fault diagnosis
More informationCS 204: BGP. Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social Sciences
CS 204: BGP Jiasi Chen Lectures: MWF 12:10-1pm Humanities and Social Sciences 1403 http://www.cs.ucr.edu/~jiasi/teaching/cs204_spring17/ 1 Overview AS relationships Inter-AS routing BGP Example Paper discussion
More informationJumpstarting BGP Security. Yossi Gilad Joint work with: Avichai Cohen, Amir Herzberg, and Michael Schapira
Jumpstarting BGP Security Yossi Gilad Joint work with: Avichai Cohen, Amir Herzberg, and Michael Schapira Prefix hijacking Victim Path: 111 AS X AS 111 Boston University BGP Ad. AS 666 Data flow 2 Prefix
More informationPerformance Analysis of Mobile Ad Hoc Network in the Presence of Wormhole Attack
Performance Analysis of Mobile Ad Hoc Network in the Presence of Wormhole Attack F. Anne Jenefer & D. Vydeki E-mail : annejenefer@gmail.com, vydeki.d@srmeaswari.ac.in Abstract Mobile Ad-Hoc Network (MANET)
More informationRealizing a Source Authentic Internet
Realizing a Source Authentic Internet Toby Ehrenkranz 1, Jun Li 1, and Patrick McDaniel 2 1 Department of Computer and Information Science University of Oregon Eugene, OR 97403 USA tehrenkr,lijun@cs.uoregon.edu
More informationCollaborative Verification of Forward and Reverse Reachability in the Internet Data Plane
204 IEEE 22nd International Conference on Network Protocols Collaborative Verification of Forward and Reverse Reachability in the Internet Data Plane Hongkun Yang and Simon S. Lam Department of Computer
More informationIPv4 Care-of Address Registration for IPv4 Support on the NEMO Basic Support Protocol
IPv4 Care-of Address Registration for IPv4 Support on the NEMO Basic Support Protocol Ryuji Wakikawa Carl Williams Keisuke Uehara Jun Murai Keio University. Graduate School of Media and Governance KDDI
More informationA Survey of BGP Security: Issues and Solutions
A Survey of BGP Security: Issues and Solutions Butler, Farley, McDaniel, Rexford Kyle Super CIS 800/003 October 3, 2011 Outline Introduction/Motivation Sources of BGP Insecurity BGP Security Today BGP
More informationAutonomous Security for Autonomous Systems
Autonomous Security for Autonomous Systems Josh Karlin, Stephanie Forrest, and Jennifer Rexford Abstract The Internet s interdomain routing protocol, BGP, supports a complex network of Autonomous Systems
More informationToward Valley-Free Inter-domain Routing
Toward Valley-Free Inter-domain Routing Sophie Y. Qiu, Patrick D. McDaniel, and Fabian Monrose Dept. of CS, Johns Hopkins University Dept. of CSE, Pennsylvania State University {yuqiu,fabian}@cs.jhu.edu
More informationNetwork Policy Enforcement
CHAPTER 6 Baseline network policy enforcement is primarily concerned with ensuring that traffic entering a network conforms to the network policy, including the IP address range and traffic types. Anomalous
More information[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor
[Nitnaware *, 5(11): November 218] ISSN 2348 834 DOI- 1.5281/zenodo.1495289 Impact Factor- 5.7 GLOBAL JOURNAL OF ENGINEERING SCIENCE AND RESEARCHES INVESTIGATION OF DETECTION AND PREVENTION SCHEME FOR
More information@IJMTER-2016, All rights Reserved ,2 Department of Computer Science, G.H. Raisoni College of Engineering Nagpur, India
Secure and Flexible Communication Technique: Implementation Using MAC Filter in WLAN and MANET for IP Spoofing Detection Ashwini R. Vaidya 1, Siddhant Jaiswal 2 1,2 Department of Computer Science, G.H.
More informationAnalysis of Black-Hole Attack in MANET using AODV Routing Protocol
Analysis of Black-Hole Attack in MANET using Routing Protocol Ms Neha Choudhary Electronics and Communication Truba College of Engineering, Indore India Dr Sudhir Agrawal Electronics and Communication
More informationAn Approach to Addressing ARP Spoof Using a Trusted Server. Yu-feng CHEN and Hao QIN
2017 2nd International Conference on Communications, Information Management and Network Security (CIMNS 2017) ISBN: 978-1-60595-498-1 An Approach to Addressing ARP Spoof Using a Trusted Server Yu-feng
More informationRouting Security We can do better!
Routing Security We can do better! And how MANRS can help Andrei Robachevsky robachevsky@isoc.org 1 No Day Without an Incident 120 6 month of suspicious activity 90 60 Hijack Leak 30 0 1/5/17 1/16/17 1/27/17
More informationBGP Security. Kevin s Attic for Security Research
Kevin s Attic for Security Research kevinkoo001@gmail.com Table 1. BGP Operation (1): Concept & Topology 2. BGP Operation (2): Message Exchange, Format and Path Decision Algorithm 3. Potential Attacks
More informationDetection of Wormhole Attacks in Wireless Sensor Networks
Detection of Wormhole Attacks in Wireless Sensor Networks Ms Shweta Dalke RGPV: Electronics & Communication,Truba College of Engineering & Technology,Indore,INDIA Ms Pallavi Pahadiya RGPV: Electronics
More informationProf. N. P. Karlekar Project Guide Dept. computer Sinhgad Institute of Technology
Volume 4, Issue 7, July 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Advance Deterministic
More informationReview for Chapter 4 R1,R2,R3,R7,R10,R11,R16,R17,R19,R22,R24, R26,R30 P1,P2,P4,P7,P10,P11,P12,P14,P15,P16,P17,P22,P24,P29,P30
Review for Chapter 4 R1,R2,R3,R7,R10,R11,R16,R17,R19,R22,R24, R26,R30 P1,P2,P4,P7,P10,P11,P12,P14,P15,P16,P17,P22,P24,P29,P30 R1. Let s review some of the terminology used in this textbook. Recall that
More informationHow Secure are. BGP Security Protocols? Sharon Goldberg Microsoft Research & Boston University. Michael Schapira. Pete Hummon AT&T Research
How Secure are NANOG 49, San Francisco Tuesday June 15 2010 BGP Security Protocols? Sharon Goldberg Microsoft Research & Boston University Michael Schapira Princeton University Yale & Berkeley Pete Huon
More informationMs A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India.
Dynamic Training Intrusion Detection Scheme for Blackhole Attack in MANETs Ms A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India. Dr. K.Rama Linga Reddy Electronics and Telematics
More informationNetworking Review & Grand Challenges
ing Review & Grand Challenges Brighten Godfrey CS 538 January 22 2018 slides 2010-2018 by Brighten Godfrey unless otherwise noted Announcements Introducing Sangeetha Key dates posted Assignment release,
More informationModule: Routing Security. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Routing Security Professor Patrick McDaniel Spring 2009 1 Routing 101 Network routing exists to provide hosts desirable paths from the source
More informationSimulating Internet Scale Topologies with Metarouting
Computer Science Technical Report Simulating Internet Scale Topologies with Metarouting Steve DiBenedetto, Andrew Stone, Michelle Strout, Dan Massey Department of Computer Science Colorado State University
More informationIdentifying Spoofed Packets Origin using Hop Count Filtering and Defence Mechanisms against Spoofing Attacks
Identifying Spoofed Packets Origin using Hop Count Filtering and Defence Mechanisms against Spoofing Attacks Israel Umana 1, Sornalakshmi Krishnan 2 1 M.Tech Student, Information Security and Cyber Forensic,
More informationLocating Prefix Hijackers using LOCK
Locating Prefix ijackers using LOCK Tongqing Qiu Georgia Tech tongqqiu@cc.gatech.edu Jia Wang AT&T Labs Research jiawang@research.att.com Lusheng Ji AT&T Labs Research lji@research.att.com Jun (Jim) Xu
More informationMANRS. Mutually Agreed Norms for Routing Security. Jan Žorž
MANRS Mutually Agreed Norms for Routing Security Jan Žorž The Problem A Routing Security Overview 2 No Day Without an Incident http://bgpstream.com/ 3 Routing Incidents Cause Real World
More informationSchool of Computer Sciences Universiti Sains Malaysia Pulau Pinang
School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content
More informationTo Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets. Xiaowei Yang Duke Unversity
To Filter or to Authorize: Network-Layer DoS Defense against Multimillion-node Botnets Xiaowei Yang Duke Unversity Denial of Service (DoS) flooding attacks Send packet floods to a targeted victim Exhaust
More informationShim6: Reference Implementation and Optimization
Shim6: Reference Implementation and Optimization Jun Bi, Ping Hu, and Lizhong Xie Network Research Center, Tsinghua University, Beijing, 100084, China junbi@tsinghua.edu.cn Abstract. Shim6 is an important
More informationAUTHENTICATION AND LOOKUP FOR NETWORK SERVICES
Vol.5, No.1, pp. 81-90, 2014 doi: 10.7903/ijecs.1040 AUTHENTICATION AND LOOKUP FOR NETWORK SERVICES Daniel J. Buehrer National Chung Cheng University 168 University Rd., Min-Hsiung Township, Chiayi County,
More informationAn Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network
An Authentication Based Source Address Spoofing Prevention Method Deployed in IPv6 Edge Network Lizhong Xie, Jun Bi, and Jianpin Wu Network Research Center, Tsinghua University, Beijing, 100084, China
More informationAccurate Real-time Identification of IP Hijacking
Accurate Real-time Identification of IP Hijacking 1 Xin Hu Z. Morley Mao University of Michigan huxin@umich.edu zmao@umich.edu Abstract In this paper, we present novel and practical techniques to accurately
More informationDISTRIBUTED HASH TABLE PROTOCOL DETECTION IN WIRELESS SENSOR NETWORKS
DISTRIBUTED HASH TABLE PROTOCOL DETECTION IN WIRELESS SENSOR NETWORKS Mr. M. Raghu (Asst.professor) Dr.Pauls Engineering College Ms. M. Ananthi (PG Scholar) Dr. Pauls Engineering College Abstract- Wireless
More informationDetecting inconsistencies in INRDB data
Detecting inconsistencies in INRDB data to identify MOAS cases and possible illegitimate Internet resource usage Peter Ruissen System and Network Engineering University of Amsterdam December 11, 2007 1
More informationBGP Anomaly Detection. Bahaa Al-Musawi PhD candidate Supervisors: Dr. Philip Branch and Prof. Grenville Armitage.
BGP Anomaly Detection Bahaa Al-Musawi PhD candidate Supervisors: Dr. Philip Branch and Prof. Grenville Armitage balmusawi@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne University
More informationProtecting BGP from Invalid Paths
Protecting BGP from Invalid Paths Josh Karlin University of New Mexico karlinjf@cs.unm.edu Stephanie Forrest University of New Mexico Santa Fe Institute forrest@cs.unm.edu Jennifer Rexford Princeton University
More informationCMNTS:Catching Malicious Nodes with Trust Support in Wireless Sensor Networks
CMNTS:Catching Malicious Nodes with Trust Support in Wireless Sensor Networks Prathap U, Deepa Shenoy P and Venugopal K R Department of Computer Science and Engineering University Visvesvaraya College
More informationOn the characteristics of BGP multiple origin AS conflicts
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2007 On the characteristics of BGP multiple origin AS conflicts Kwan-Wu
More informationPRIVACY AND TRUST-AWARE FRAMEWORK FOR SECURE ROUTING IN WIRELESS MESH NETWORKS
PRIVACY AND TRUST-AWARE FRAMEWORK FOR SECURE ROUTING IN WIRELESS MESH NETWORKS 1 PRASHANTH JAYAKUMAR, 2 P.S.KHANAGOUDAR, 3 VINAY KAVERI 1,3 Department of CSE, GIT, Belgaum, 2 Assistant Professor, Dept.
More informationSybil Attack Detection with Reduced Bandwidth overhead in Urban Vehicular Networks
Sybil Attack Detection with Reduced Bandwidth overhead in Urban Vehicular Networks D.Balamahalakshmi Department of Computer Science and Engineering, V.S.B Engineering College, Karur, Tamilnadu, India 1
More informationEnhanced Routing in Mobile Adhoc Network against Denial of Service Attack
Enhanced Routing in Mobile Adhoc Network against Denial of Service Attack V.R.Nisha, S.Rajeswari Student/M.E (CSE), Sri Shanmugha College Engineering & Technology, India 1 AP/CSE, Sri Shanmugha College
More informationDoes Scale, Size, and Locality Matter? Evaluation of Collaborative BGP Security Mechanisms
Does Scale, Size, and Locality Matter? Evaluation of Collaborative BGP Security Mechanisms Rahul Hiran Linköping University, Sweden Niklas Carlsson Linköping University, Sweden Nahid Shahmehri Linköping
More information