Detecting Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego.

Slides:

Advertisements

Similar presentations

Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.

Advertisements

Stable Load Control with Load Prediction in Multipath Packet Forwarding IlKyu Park, Youngseok Lee, and Yanghee Choi Proc. 15 th IEEE Int l conf. on Information.

University of California, San Diego Fatih : Detecting and Isolating Malicious Routers Alper T Mizrak, Yu-Chung Cheng, Prof. Keith Marzullo, Prof. Stefan.

Fault-Tolerant Forwarding in the Face of Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego.

Data and Computer Communications

A Novel 3D Layer-Multiplexed On-Chip Network

1 IK1500 Communication Systems IK1330 Lecture 3: Networking Anders Västberg

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )

1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?

15-441: Computer Networking Lecture 26: Networking Future.

Wide Area Networks School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 11, Thursday 3/22/2007)

CMPE 80N - Introduction to Networks and the Internet 1 CMPE 80N Winter 2004 Lecture 13 Introduction to Networks and the Internet.

Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.

Sponsored by BellSouth, Cisco, UC Micro Program Design and Development of an MPLambdaS Simulator Jian Wang, Biswanath Mukherjee, S, J, Ben Yoo University.

User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.

Router Level Flow Control in Data Networks Stephan Bohacek University of Southern California.

Stealth Probing: Efficient Data- Plane Security for IP Routing Ioannis Avramopoulos Princeton University Joint work with Jennifer Rexford.

A General approach to MPLS Path Protection using Segments Ashish Gupta Ashish Gupta.

A victim-centric peer-assisted framework for monitoring and troubleshooting routing problems.

Internetworking Fundamentals (Lecture #2) Andres Rengifo Copyright 2008.

CMPE 80N - Introduction to Networks and the Internet 1 CMPE 80N Winter 2004 Lecture 14 Introduction to Networks and the Internet.

An Overview Zhang Fu Outline What is DDoS ? How it can be done? Different types of DDoS attacks. Reactive VS Proactive Defence.

Connecting Networks © 2004 Cisco Systems, Inc. All rights reserved. Exploring How Routing Works INTRO v2.0—4-1.

Introduction to networking (Yarnfield) Introduction to routing.

CCNA Introduction to Networking 5.0 Rick Graziani Cabrillo College

Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.

Nodes Bearing Grudges: Towards Routing Security, Fairness, and Robustness in Mobile Ad Hoc Networks Sonja Buchegger Jean-Yves Le Boudec.

1 Highly Secure and Efficient Routing Ioannis Avramopulos, Hisashi Kobayashi Randolph Wang Arvind Krishamurthy Dept. of EE Dept. of CS Dept. of CS Dept.

1 Pertemuan 20 Teknik Routing Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

Item 2005 L A Rønningen. Reservation Model Pessimistic or Optimistic Approach 1-N Senders and 1-M Receivers Sender-oriented or Receiver-oriented Immediate.

Section 4 : The OSI Network Layer CSIS 479R Fall 1999 “Network +” George D. Hickman, CNI, CNE.

SIGCOMM 2002 New Directions in Traffic Measurement and Accounting Focusing on the Elephants, Ignoring the Mice Cristian Estan and George Varghese University.

Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

COP 5611 Operating Systems Spring 2010 Dan C. Marinescu Office: HEC 439 B Office hours: M-Wd 2:00-3:00 PM.

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )

Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.

Chapter 24 Transport Control Protocol (TCP) Layer 4 protocol Responsible for reliable end-to-end transmission Provides illusion of reliable network to.

1 Protecting Network Quality of Service against Denial of Service Attacks Douglas S. Reeves S. Felix Wu Chandru Sargor N. C. State University / MCNC October.

1 Version 3.1 Module 6 Routed & Routing Protocols.

Teknik Routing Pertemuan 10 Matakuliah: H0524/Jaringan Komputer Tahun: 2009.

Review of key networking techniques: –Reliable communication over unreliable channels –Error detection and correction –Medium access control –routing –Congestion.

Node Lookup in P2P Networks. Node lookup in p2p networks Section in the textbook. In a p2p network, each node may provide some kind of service.

 First: Data Link Layer  1. Retransmission Policy: It deals with how fast a sender times out and what it transmit upon timeout. A jumpy sender that times.

1 Transport Layer: Basics Outline Intro to transport UDP Congestion control basics.

Connection-orientated Service. Connection in data networks Another type of network, such as the telephone network, was developed based on the connection.

Improving Fault Tolerance in AODV Matthew J. Miller Jungmin So.

An End-to-End Service Architecture r Provide assured service, premium service, and best effort service (RFC 2638) Assured service: provide reliable service.

1 Lecture 15 Internet resource allocation and QoS Resource Reservation Protocol Integrated Services Differentiated Services.

Day 13 Intro to MANs and WANs. MANs Cover a larger distance than LANs –Typically multiple buildings, office park Usually in the shape of a ring –Typically.

Langley Research Center An Architectural Concept for Intrusion Tolerance in Air Traffic Networks Jeffrey Maddalon Paul Miner {jeffrey.m.maddalon,

Chapter 10 Congestion Control in Data Networks and Internets 1 Chapter 10 Congestion Control in Data Networks and Internets.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

Chapter 9 Optimizing Network Performance

Introduction to Networking

Northwestern Lab for Internet and Security Technology (LIST) Yan Chen Department of Computer Science Northwestern University.

Detecting Denial-of-Service Attacks against Sensor Networks

Network Architecture for Cyberspace

Chapter 11. Frame Relay Background Frame Relay Protocol Architecture

Detect and Prevent Rogue Traffic in Mobile Ad Hoc Networks

CSE 313 Data Communication

OSI Reference Model Unit II

An Overview of Security Issues in Sensor Network

Computer Networks Protocols

OSI Model 7 Layers 7. Application Layer 6. Presentation Layer

Presentation transcript:

Detecting Malicious Routers Alper T. Mızrak, Keith Marzullo, Stefan Savage University of California, San Diego

Alper T. Mızrak; University of California, San Diego2 Introduction Modern packet switched data networks. Data forwarded hop-by-hop from router to router towards destination. Routers can be compromised, To attack on the data plane: E.g. alter, misroute, drop, reorder, delay or fabricate data packets.

Alper T. Mızrak; University of California, San Diego3 Introduction Goal: Fault tolerant forwarding in the face of malicious routers. Approach: Given a routing protocol, the decisions that routers make are predictable. … so this problem is a candidate for anomaly-based intrusion detection Outline Traffic Validation Distributed Detection Countermeasure

Alper T. Mızrak; University of California, San Diego4 Traffic Validation Way to tell that traffic isnt disrupted en route Traffic Summary Information: How to concisely represent tv_info r ? The most precise description of traffic at a router an exact copy of that traffic. Many characteristics of the traffic can be summarized far more concisely: Conservation of flow: a counter Conservation of content: a set of fingerprints Conservation of content order: a list of fingerprints a b tv_info a : [f 1, f 2, f 3, f 4 ] tv_info b : [f 2, f 4, f 3 ]

Alper T. Mızrak; University of California, San Diego5 Traffic Validation In an idealized network, TV might check tv_info ri = tv_info rj However, real networks occasionally Lose packet due to congestion. Reorder packets due to internal multiplexing. Corrupt packets due to interface errors. Transport protocols deal with such problems. TV needs to notice when such behaviors become excessive. a b tv_info a : [f 1, f 2, f 3, f 4 ] tv_info b : [f 2, f 4, f 3 ]

Alper T. Mızrak; University of California, San Diego6 Distributed Detection Detect suspicious path segments, not individual routers. An FD returns a pair (, ) where is a path segment: α -Accuracy: An FD is α -Accurate if, whenever a correct router suspects (, ), then | | α and some router r was faulty during. α -Completeness: An FD is α -Complete if, whenever a router r is faulty at some time t, then all correct routers eventually suspect (, ) such that | | α r was faulty in during containing t.

Alper T. Mızrak; University of California, San Diego7 Protocol k+2 A router r monitors all path segments, : has r at one end | | k+2. k is the maximum number of adjacent faulty routers along a path. Properties: k+2 is (k 2)-Accurate: k+2 is (k 2)-Complete. Overhead: This algorithm has reasonable overhead For each forwarded packet compute a fingerprint. Each router must synchronize and authenticate with the other end of each path segment that it monitors. Only path segments between nearby routers are monitored. Dissemination of the suspected path segments can be integrated into the link state flooding mechanism.

Alper T. Mızrak; University of California, San Diego8 Response What happens as a result of a detection? Inform the administrator. Immediate action: Ideally would be part of the link state protocol. That excludes suspected path segments from the routing fabric. ab c d is suspected

Alper T. Mızrak; University of California, San Diego9 Current Status We have implemented a prototype system, called Fatih. Still work-in-progress

Alper T. Mızrak; University of California, San Diego10 The end Thank you…

Alper T. Mızrak; University of California, San Diego11 Some protocols WATCHERS [UC, Davis]: 2-accurate Not complete Highly Secure and Efficient Routing [Avrampoulos et al.]: 2-accurate 2-complete Extremely expensive: per packet monitoring, source routing, seq numbers, authentication, reserved buffers, timeouts, increase in packet size Early Detection of Message Forwarding Faults [Herzberg et al.]: 2-accurate 2-complete Suffers from the high overhead. Our own protocol k+2