Evaluating security-enhanced interdomain routing protocols in full and partial deployment

Lychev, Robert D.

27 August 2014

The Internet consists of over 50 thousand smaller networks, called Autonomous Systems (ASes) (e.g., AT&T, Sprint, Google), that use the Border Gateway Protocol (BGP) to figure out how to reach each other. One way or another, we all rely on BGP because it is what glues the Internet together, but despite its crucial role, BGP remains vulnerable to propagation of bogus routing information due to malicious attacks or unintentional misconfigurations. The United States Department of Homeland Security (DHS) views BGP security as part of its national strategy for securing the Internet, and there is a big push to standardize a secure variant of BGP (S*BGP) by the Internet Engineering Task Force (IETF). However, S*BGP properties and their impact on the Internet's routing infrastructure, especially in partial deployment, have not yet been fully understood. To address this issue, in this thesis we use methodologies from applied cryptography, algorithms, and large scale simulations to study the following three key properties with respect to their deployment: 1. provable security guarantees, 2. stability in full and partial deployment with or without attackers, 3. benefits and harm resulting from full and partial deployment. With our analysis we have discovered possible security weaknesses in previously proposed secure BGP variants and suggest possible fixes to address them. Our analysis also reveals that security benefits from partially deployed S*BGP are likely to be meager, unless a significant fraction of ASes deploy it. At the same time, complex interactions between S*BGP and the insecure, legacy BGP can introduce new vulnerabilities and instabilities into the Internet's routing infrastructure. We suggest possible strategies for mitigating such pitfalls and facilitating S*BGP deployment in practice.

BGP

Secure routing

Secure multi-constrained QoS reliable routing algorithm for vehicular ad hoc networks (VANETs)

Hashem Eiza, Mahmoud

January 2014

Vehicular Ad hoc Networks (VANETs) are a particular form of wireless network made by vehicles communicating among themselves and with roadside base stations. A wide range of services has been developed for VANETs ranging from safety to infotainment applications. A key requirement for such services is that they are offered with Quality of Service (QoS) guarantees in terms of service reliability and availability. Furthermore, due to the openness of VANET’s wireless channels to both internal and external attacks, the application of security mechanisms is mandatory to protect the offered QoS guarantees. QoS routing plays an essential role in identifying routes that meet the QoS requirements of the offered service over VANETs. However, searching for feasible routes subject to multiple QoS constraints is in general an NP-hard problem. Moreover, routing reliability needs to be given special attention as communication links frequently break in VANETs. To date, most existing QoS routing algorithms are designed for stable networks without considering the security of the routing process. Therefore, they are not suitable for applications in VANETs. In this thesis, the above issues are addressed firstly by developing a link reliability model based on the topological and mathematical properties of vehicular movements and velocities. Evolving graph theory is then utilised to model the VANET communication graph and integrate the developed link reliability model into it. Based on the resulting extended evolving graph model, the most reliable route in the network is picked. Secondly, the situational awareness model is applied to the developed reliable routing process because picking the most reliable route does not guarantee reliable transmission. Therefore, a situation-aware reliable multipath routing algorithm for VANETs is proposed. Thirdly, the Ant Colony Optimisation (ACO) technique is employed to propose an Ant-based multi-constrained QoS (AMCQ) routing algorithm for VANETs. AMCQ is designed to give significant advantages to the implementation of security mechanisms that are intended to protect the QoS routing process. Finally, a novel set of security procedures is proposed to defend the routing process against external and internal threats. Simulation results demonstrate that high levels of QoS can be still guaranteed by AMCQ even when the security procedures are applied.

388.3

Secure Routing in Structured P2P Overlay : Simulating Secure Routing on Chord DHT

Kassahun, Mebratu

January 2015

Fully distributed systems offer the highest level of freedom for the users. For this reason, in today’s Internet, it is recorded that more than 50% of the packets moving in and out belong to this type of network. Huge networks of this kind are built on the top of DHTs, which follow a more structured communication compared to the other small peer-to-peer networks. Although nature always favors freedom and independ-ence, security issues force consumers to set up their network in a cen-trally controlled manner. One of security threats posed on such net-works is lookup attacks. A lookup attacks are kind of attacks which targets on disrupting the healthy routing process of the DHTs. Even though the freedom of peer-to-peer networks comes at the cost of securi-ty, it is quite attainable to make the network more secure, especially, it is quite achievable to gain performance on this level of attack according to the experiments carried out in this thesis. The secure routing techniques introduced have been found to outperform those without the techniques under investigation. The simulation performed for default Chord overly and the modified Chord, yielded interesting results, for dropper nodes, random lookup routs and colluding sub-ring attacks.

p2p

secure routing

DHT

Chord

Computer and Information Sciences

Data- och informationsvetenskap

Defense Against Node Compromise in Sensor Network Security

Chen, Xiangqian

15 November 2007

Recent advances in electronic and computer technologies lead to wide-spread deployment of wireless sensor networks (WSNs). WSNs have wide range applications, including military sensing and tracking, environment monitoring, smart environments, etc. Many WSNs have mission-critical tasks, such as military applications. Thus, the security issues in WSNs are kept in the foreground among research areas. Compared with other wireless networks, such as ad hoc, and cellular networks, security in WSNs is more complicated due to the constrained capabilities of sensor nodes and the properties of the deployment, such as large scale, hostile environment, etc. Security issues mainly come from attacks. In general, the attacks in WSNs can be classified as external attacks and internal attacks. In an external attack, the attacking node is not an authorized participant of the sensor network. Cryptography and other security methods can prevent some of external attacks. However, node compromise, the major and unique problem that leads to internal attacks, will eliminate all the efforts to prevent attacks. Knowing the probability of node compromise will help systems to detect and defend against it. Although there are some approaches that can be used to detect and defend against node compromise, few of them have the ability to estimate the probability of node compromise. Hence, we develop basic uniform, basic gradient, intelligent uniform and intelligent gradient models for node compromise distribution in order to adapt to different application environments by using probability theory. These models allow systems to estimate the probability of node compromise. Applying these models in system security designs can improve system security and decrease the overheads nearly in every security area. Moreover, based on these models, we design a novel secure routing algorithm to defend against the routing security issue that comes from the nodes that have already been compromised but have not been detected by the node compromise detecting mechanism. The routing paths in our algorithm detour those nodes which have already been detected as compromised nodes or have larger probabilities of being compromised. Simulation results show that our algorithm is effective to protect routing paths from node compromise whether detected or not.

sensor networks

security

node compromise

secure routing

key management

attack

ESPR: Efficient Security Scheme for Position-Based Routing in Vehicular Ad Hoc Networks

Alsharif, Nizar

07 1900

Vehicular Ad hoc Network (VANET) is a promising emerging technology that enables road safety, traffic management, and passengers and drivers comfort applications. Many applications require multi-hop routing; position-based routing (PBR) is a well-recognized routing paradigm that performs well in the vehicular context to enable these applications. However, there are many security challenges and various routing attacks which may prevent the deployment of PBR protocols. In this study, we propose a novel security scheme called ESPR to secure PBR protocols in VANETs. ESPR considers both digital signature and keyed Hash Message Authentication Code (HMAC) to meet the unique requirements of PBR. In ESPR, all legitimate members share a secret key. ESPR scheme applies a novel probabilistic key distribution to allow unrevoked members to update the shared secret key. Furthermore, it defines a set of plausibility checks that enables network members to detect and avoid PBR attacks autonomously. By conducting security analysis and performance evaluation, ESPR scheme demonstrated to outperform its counterparts in terms of communication overhead and delay while achieving robust and secure operation.

ESPR

Secure Routing

Position-Based Routing

VANETs Security

Electrical and Computer Engineering

ESPR: Efficient Security Scheme for Position-Based Routing in Vehicular Ad Hoc Networks

Alsharif, Nizar

07 1900

Vehicular Ad hoc Network (VANET) is a promising emerging technology that enables road safety, traffic management, and passengers and drivers comfort applications. Many applications require multi-hop routing; position-based routing (PBR) is a well-recognized routing paradigm that performs well in the vehicular context to enable these applications. However, there are many security challenges and various routing attacks which may prevent the deployment of PBR protocols. In this study, we propose a novel security scheme called ESPR to secure PBR protocols in VANETs. ESPR considers both digital signature and keyed Hash Message Authentication Code (HMAC) to meet the unique requirements of PBR. In ESPR, all legitimate members share a secret key. ESPR scheme applies a novel probabilistic key distribution to allow unrevoked members to update the shared secret key. Furthermore, it defines a set of plausibility checks that enables network members to detect and avoid PBR attacks autonomously. By conducting security analysis and performance evaluation, ESPR scheme demonstrated to outperform its counterparts in terms of communication overhead and delay while achieving robust and secure operation.

ESPR

Secure Routing

Position-Based Routing

VANETs Security

Electrical and Computer Engineering

Dynamic Trust Management for Mobile Networks and Its Applications

Bao, Fenye

05 June 2013

Trust management in mobile networks is challenging due to dynamically changing network environments and the lack of a centralized trusted authority. In this dissertation research, we design and validate a class of dynamic trust management protocols for mobile networks, and demonstrate the utility of dynamic trust management with trust-based applications. Unlike existing work, we consider social trust derived from social networks in addition to traditional quality-of-service (QoS) trust derived from communication networks to obtain a composite trust metric as a basis for evaluating trust of nodes in mobile network applications. Untreated in the literature, we design and validate trust composition, aggregation, propagation, and formation protocols for dynamic trust management that can learn from past experiences and adapt to changing environment conditions to maximize application performance and enhance operation agility. Furthermore, we propose, explore and validate the design concept of application-level trust optimization in response to changing conditions to maximize application performance or best satisfy application requirements. We provide formal proof for the convergence, accuracy, and resiliency properties of our trust management protocols. To achieve the goals of identifying the best trust protocol setting and optimizing the use of trust for trust-based applications, we develop a novel model-based analysis methodology with simulation validation for analyzing and validating our dynamic trust management protocol design. The dissertation research provides new understanding of dynamic trust management for mobile wireless networks. We gain insight on the best trust composition and trust formation out of social and QoS trust components, as well as the best trust aggregation and propagation protocols for optimizing application performance. We gain insight on how a modeling and analysis tool can be built, allowing trust composition, aggregation, propagation, and formation designs to be incorporated, tested and validated. We demonstrate the utility of dynamic trust management protocol for mobile networks including mobile ad-hoc networks, delay tolerant networks, wireless sensor networks, and Internet of things systems with practical applications including misbehaving node detection, trust-based survivability management, trust-based secure routing, and trust-based service composition. Through model-based analysis with simulation validation, we show that our dynamic trust management based protocols outperform non-trust-based and Bayesian trust-based protocols in the presence of malicious, erroneous, partly trusted, uncertain and incomplete information, and are resilient to trust related attacks. / Ph. D.

mobile networks

trust management

adaptive control

Optimization

secure routing

intrusion detection

performance analysis

Secure Routing in Intelligent Device-to-Device Communications

Elsemary, Hadeer

16 September 2016

No description available.

510

Device-to-Device (D2D) communications

Malware detection

Game theory

Secure Routing

Energy Efficient Routing

Mathematics (PPN61756535X)

An Efficient and Secure Overlay Network for General Peer-to-Peer Systems

WANG, HONGHAO

22 April 2008

No description available.

Computer Science

Peer-to-Peer

Overlay Network

Overlay Routing

Overlay Structure

Distributed Hash Table (DHT)

Network Topology

Network Aware

Network Locality

Network Proximity

Network Security

Secure Routing

System Churn