
Hardened Network Implementation & Simulation


1 Hardened Network Implementation & Simulation

2 Contents
• HBGP
• Implementation of HBGP
• Simulation on SSFnet
• Simulation Results
• Future Work

3 HBGP
• A protocol used to propagate Hardened Network information
  • An extension to BGP4
  • Hardened AS Path
  • Keeps the last and next Hardened Network information in the routing table

4 Implementation of HBGP
• GateD
  • Open-source routing protocol development platform
  • Models the operation of human-configurable routers

5 Implementation of HBGP
• Modifications to GateD
  • aspath_format
  • aspath_attr
  • BGP_send_update
  • BGP_receive_update
  • rt_add
  • rt_change
  • if_rtup
  • bgp_syn_rt_change

6 Implementation of HBGP
• Status:
  • Hardened Network information has been propagated correctly
  • Modification to the routing table has been finished and is under testing and debugging

7 Simulation on SSFnet
• SSFnet
  • Open-source Java/C++ Internet model and simulation
  • Protocols: IP, TCP, UDP, BGP4, OSPF, and others
  • Network elements: hosts, routers, links, LANs

8 Simulation on SSFnet
• Modification on SSFnet
  • BGP package
    • Constructing Hardened AS Path information
    • Parsing Hardened AS Path information
  • Routing table package
    • Inserting last and next Hardened ASes information
  • IP package
    • Retrieving last Hardened AS
    • Encrypting/decrypting
    • Gathering information

9 Simulation on SSFnet
• Controller
  • Analyzing information
  • Setting up the normal pattern
  • Detecting attack
  • Responding to abnormal behavior
  • Restoring the traffic

10 Simulation Configuration

11 Simulated Performance (RC4)

TABLE 1. HARDEN-BACKBONE-ROUTER (RC4)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 2 routers | 0.0005588 | 0.0006020 | 0.0000432 |
| 3 routers | 0.0006250 | 0.0006712 | 0.0000462 |
| 4 routers | 0.0009753 | 0.0010271 | 0.0000518 |
| 5 routers | 0.0012139 | 0.0012572 | 0.0000433 |
| 6 routers | 0.0017969 | 0.0018450 | 0.0000481 |
| 7 routers | 0.0021466 | 0.0022015 | 0.0000549 |
| 8 routers | 0.0023938 | 0.0024490 | 0.0000522 |
| 9 routers | 0.0028109 | 0.0028760 | 0.0000651 |
| 10 routers | 0.0033593 | 0.0034044 | 0.0000451 |

TABLE 4. HARDEN-END-ROUTER (RC4)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 3 routers | 0.0006648 | 0.0007016 | 0.0000368 |
| 4 routers | 0.0009778 | 0.0010189 | 0.0000411 |
| 5 routers | 0.0013423 | 0.0014050 | 0.0000627 |
| 6 routers | 0.0017927 | 0.0018165 | 0.0000238 |
| 7 routers | 0.0019900 | 0.0020223 | 0.0000323 |
| 8 routers | 0.0022800 | 0.0023054 | 0.0000254 |
| 9 routers | 0.0027856 | 0.0028272 | 0.0000416 |
| 10 routers | 0.0033593 | 0.0033843 | 0.0000250 |

12 Simulated Performance (BLOWFISH)

TABLE 2. HARDEN-BACKBONE-ROUTER (BLOWFISH)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 2 routers | 0.0005588 | 0.0006765 | 0.0001177 |
| 3 routers | 0.0006250 | 0.0007553 | 0.0001303 |
| 4 routers | 0.0009753 | 0.0010993 | 0.0001240 |
| 5 routers | 0.0012139 | 0.0013801 | 0.0001662 |
| 6 routers | 0.0017969 | 0.0019350 | 0.0001381 |
| 7 routers | 0.0021466 | 0.0022806 | 0.0001340 |
| 8 routers | 0.0023938 | 0.0025461 | 0.0001525 |
| 9 routers | 0.0028109 | 0.0029600 | 0.0001491 |
| 10 routers | 0.0033593 | 0.0035168 | 0.0001575 |

TABLE 5. HARDEN-END-ROUTER (BLOWFISH)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 3 routers | 0.0006648 | 0.0007900 | 0.0001252 |
| 4 routers | 0.0009778 | 0.0011291 | 0.0001513 |
| 5 routers | 0.0013423 | 0.0015043 | 0.0001620 |
| 6 routers | 0.0017927 | 0.0019201 | 0.0001274 |
| 7 routers | 0.0019900 | 0.0021080 | 0.0001180 |
| 8 routers | 0.0022800 | 0.0023673 | 0.0000873 |
| 9 routers | 0.0027856 | 0.0028893 | 0.0001037 |
| 10 routers | 0.0033593 | 0.0034358 | 0.0000795 |

13 Simulated Performance (DES)

TABLE 3. HARDEN-BACKBONE-ROUTER (DES)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 2 routers | 0.0005588 | 0.0009751 | 0.0004163 |
| 3 routers | 0.0006250 | 0.0010139 | 0.0003889 |
| 4 routers | 0.0009753 | 0.0012781 | 0.0003082 |
| 5 routers | 0.0012139 | 0.0015882 | 0.0003743 |
| 6 routers | 0.0017969 | 0.0021268 | 0.0003299 |
| 7 routers | 0.0021466 | 0.0024905 | 0.0003439 |
| 8 routers | 0.0023938 | 0.0027543 | 0.0003605 |
| 9 routers | 0.0028109 | 0.0031698 | 0.0003589 |
| 10 routers | 0.0033593 | 0.0037286 | 0.0003693 |

TABLE 6. HARDEN-END-ROUTER (DES)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 3 routers | 0.0006648 | 0.0010609 | 0.0003957 |
| 4 routers | 0.0009778 | 0.0013318 | 0.0003540 |
| 5 routers | 0.0013423 | 0.0017127 | 0.0003704 |
| 6 routers | 0.0017927 | 0.0020970 | 0.0003043 |
| 7 routers | 0.0019900 | 0.0023300 | 0.0003400 |
| 8 routers | 0.0022800 | 0.0026304 | 0.0003504 |
| 9 routers | 0.0027856 | 0.0031015 | 0.0003159 |
| 10 routers | 0.0033593 | 0.0035963 | 0.0002370 |

14 Comparison of Performance
Figure 7. Overhead Comparison of 8-router packets
Figure 8. Overhead Comparison of 10-router packets

15 Simulated Detection & Response
• Hardened all the end routers
• ICMP attack targeting the host in AS12
• Attackers are distributed over the three subnets

16 Simulated Detection & Response
Fig. 6 Traffic Pattern at Router at AS12

17 Simulated Detection & Response
• Hardened the core routers
• ICMP attack targeting the host at AS12
• Attackers are also distributed over the three subnets

18 Simulated Detection & Response
Fig. 7 Traffic Pattern at Router 1 of AS1
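
The controller steps on slide 9 (setting up the normal pattern, detecting, responding, restoring), applied to the ICMP scenario on slides 15 to 18, as an added sketch that is not code from the presentation or from SSFnet. The per-subnet baseline rule, the `Controller` class, its parameters, the subnet labels and the traffic counts are all assumptions constructed for illustration; counts are taken to be measured before any filter is applied.

```python
from statistics import mean, stdev

NETS = ("subnet1", "subnet2", "subnet3")   # constructed labels for the three subnets
# Constructed ICMP packets per interval offered by each subnet (not simulation output).
TRAFFIC = [(10, 8, 12), (12, 9, 11), (9, 7, 13), (11, 8, 12), (10, 9, 11),  # learning
           (11, 8, 12),                                                  # normal
           (240, 310, 12), (260, 300, 280), (10, 290, 270),              # flood
           (11, 9, 12), (9, 8, 11), (10, 8, 12), (10, 9, 12)]            # recovery


class Controller:
    """Hypothetical controller: learn per-subnet ICMP ceilings, block, then restore."""

    def __init__(self, train=5, k=4.0, calm_needed=3):
        self.train, self.k, self.calm_needed = train, k, calm_needed
        self.history = {}   # subnet -> counts seen during learning
        self.limit = {}     # subnet -> learned ceiling (packets per interval)
        self.blocked = {}   # subnet -> consecutive calm intervals while blocked
        self.seen = 0

    def observe(self, counts):
        """Feed one interval {subnet: pre-filter ICMP count}; return blocked subnets."""
        self.seen += 1
        if self.seen <= self.train:                    # setting up the normal pattern
            for net, n in counts.items():
                self.history.setdefault(net, []).append(n)
            if self.seen == self.train:
                for net, h in self.history.items():
                    spread = stdev(h) if len(h) > 1 else 0.0
                    self.limit[net] = mean(h) + self.k * max(spread, 1.0)
            return []
        for net, n in counts.items():
            if n > self.limit.get(net, 0.0):           # detecting; no baseline means 0
                self.blocked[net] = 0                  # responding: (re)start the block
            elif net in self.blocked:
                self.blocked[net] += 1
                if self.blocked[net] >= self.calm_needed:
                    del self.blocked[net]              # restoring the traffic
        return sorted(self.blocked)


def run(traffic=TRAFFIC):
    """Replay the intervals through a fresh controller; one blocked-list per interval."""
    ctl = Controller()
    return [ctl.observe(dict(zip(NETS, row))) for row in traffic]


if __name__ == "__main__":
    for i, blocked in enumerate(run(), 1):
        print(i, blocked)
```

Requiring several consecutive calm intervals before unblocking keeps a pulsed flood from toggling the filter on and off every interval.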

19 Future Work
• Implementation
  • Hardened AS Controller
  • Key exchange
  • Encryption/Decryption in IP forwarding

