Vulnerabilities and Safeguards in Networks with QoS Support Dr. Sonia Fahmy CS Dept., Purdue University.


Goals
- Study, classify and rank vulnerabilities in a QoS enabled network.
- Model the various possible attacks and determine their effect on QoS experimentally.
- Design usable, easily deployable and configurable, adaptive/reactive safeguards for such attacks, and study the tradeoffs involved.

Proposed Research
- Study QoS, policy control and network security mechanisms in detail and formulate attacks possible in a QoS enabled network.
- Study network simulation tools, model attacks and measure damage and performance loss.
- Implement the attacks on a QoS network test bed and evaluate damage and performance.

Proposed Research
- Propose recommendations for safeguards against attacks.
- Implement these safeguards both in simulated and actual networks.
- Measure their performance.
- Convert them to tools.

Possible Solutions
- Using trustable entities.
- Authentication mechanisms.
- Securing policy control.
- Constant monitoring of QoS provisioning.
- Proposing design changes to make QoS networks inherently secure.

Components of QoS
- Resource allocation
- Admission and policy control
- QoS based routing
- Resource reservation
- Resource usage and provisioning
- Traffic shaping and policing
- Buffer management and scheduling
- Congestion control
- Traffic monitoring and feedback

Quality of Service

QoS Categories
- Differentiated Services (DiffServ)
  - Classification at edges
  - Core only forwards
  - Potential points of attack
  - DSCP field and services based on it
  - QoS negotiations across edge routers
  - PHB, PHB groups, EF, AF

Components of QoS
- Integrated Services
  - Best Effort Service
  - Controlled-Load Service: Performance as good as in an unloaded datagram network. No quantitative assurances.
  - Guaranteed Service: Firm bound on data throughput and delay. Every element along the path must provide delay bound. Is not always implementable, e.g., Shared Ethernet.

Policy Control
- COPS protocol
- PEPs and PDPs and their role

Network Security
- Denial of service
  - Service overloading by flooding
  - Compromising routers by altering routing strategies
  - Exploit flaws in software implementation
- Session Hijacking
- Masquerading
- Information Leakage
- Unauthorized resource usage (Theft of service)

Security Issues
- Attack Operations
  - Inject (I), Modify (M), Delay (Dl), Drop (Dr), Eavesdrop (E)
- Points of Attack
  - Policy control mechanisms
  - Congestion control mechanisms
  - Resource configuration in routers
  - Resource usage in routers

Security Issues
- Vulnerabilities Exploited
  - Design problems (e.g., DSCP uncovered, SYN flooding)
  - Implementation issues (poor software, buffer overflow)
  - Interoperability issues
  - Complementary protocols

Types of Security Breaches
- Theft of Service (Unauthorized use)
  - Modifying DSCP (M)
  - Injecting RSVP signaling messages (I)
  - Injecting malicious configuration (I)
- Denial of Service
  - Compromising routers (Dr, Dl)
  - Re-marking packets (M)
  - Flooding (I)

Types of Security Breaches
- Information Leakage
  - About QoS policies (E)
  - Data that goes through QoS enabled network (E)
- Session Hijacking / Masquerading
  - Seizing control of a session by injecting or maliciously modifying authentication packets (I and M)

Recommendations
- Building good policy mechanisms
- Securing PEPs like edge routers and BBs (Authentication)
- Encapsulation/Encryption of important fields
- Performing QoS measurements

Tools
- Monitoring Resource Allocation
  - Monitoring signaling mechanisms
  - Monitoring QoS negotiations
  - Monitoring packet classifiers
- Monitoring Resource Usage
  - Monitoring bandwidth utilization
  - Monitoring remarking of service levels
  - Monitoring routing strategies
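As an added illustration of "Monitoring remarking of service levels" against the "Modifying DSCP (M)" theft-of-service case (not part of the original slides), the sketch below audits IPv4 headers seen at an edge router and flags packets whose DSCP is not in the sending prefix's contract. The policy table, the prefixes (documentation ranges) and all function names are assumptions made for this example.

```python
import ipaddress
import struct

EF, AF11, BE = 46, 10, 0  # standard DSCP code points

# Hypothetical edge policy: DSCP values each customer prefix may send.
POLICY = {
    ipaddress.ip_network("192.0.2.0/25"): {EF, BE},
    ipaddress.ip_network("192.0.2.128/25"): {AF11, BE},
}

def parse_ipv4(header: bytes):
    """Return (source address, DSCP) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    # DSCP is the upper six bits of the second header byte (former ToS).
    return ipaddress.ip_address(header[12:16]), header[1] >> 2

def allowed_dscps(src):
    """Look up the contracted DSCP set; unknown sources get best effort only."""
    for net, dscps in POLICY.items():
        if src in net:
            return dscps
    return {BE}

def audit(headers):
    """Return (index, source, dscp) for every packet marked outside its contract."""
    findings = []
    for i, raw in enumerate(headers):
        src, dscp = parse_ipv4(raw)
        if dscp not in allowed_dscps(src):
            findings.append((i, str(src), dscp))
    return findings

def make_header(src: str, dscp: int) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address("198.51.100.1").packed)

# Constructed sample traffic, not captured data.
SAMPLE = [
    make_header("192.0.2.10", EF),     # within contract
    make_header("192.0.2.200", EF),    # AF11 customer marking EF
    make_header("203.0.113.5", AF11),  # no contract, marked AF11
    make_header("192.0.2.200", AF11),  # within contract
]

if __name__ == "__main__":
    for idx, src, dscp in audit(SAMPLE):
        print(f"packet {idx}: {src} sent DSCP {dscp} outside its contract")
```

Flagged packets are candidates for re-marking to best effort or for dropping at the edge, so that the core, which only forwards, never acts on an unauthorized marking.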