1
Hardened Network Implementation & Simulation
2
Contents
- HBGP
- Implementation of HBGP
- Simulation on SSFnet
- Simulation Results
- Future Work
3
HBGP
- A protocol used to propagate Hardened Network information
- An extension to BGP4
- Hardened AS Path
- Keep the last and next Hardened Network information in the routing table
4
Implementation of HBGP
- GateD
  - Open-source routing protocol development platform
  - Models the operations of human-configurable routers
5
Implementation of HBGP
- Modifications to GateD
  - aspath_format
  - aspath_attr
  - BGP_send_update
  - BGP_receive_update
  - rt_add
  - rt_change
  - if_rtup
  - bgp_syn_rt_change
6
Implementation of HBGP
- Status:
  - Hardened Network information has been propagated correctly
  - Modification to the routing table has been finished and is under testing and debugging
7
Simulation on SSFnet
- SSFnet
  - Open-source Java/C++ Internet model and simulation
  - Protocols: IP, TCP, UDP, BGP4, OSPF, and others
  - Network elements: hosts, routers, links, LANs
8
Simulation on SSFnet
- Modification on SSFnet
  - BGP package
    - Constructing Hardened AS Path information
    - Parsing Hardened AS Path information
  - Routing table package
    - Inserting last and next Hardened ASes information
  - IP package
    - Retrieving last Hardened AS
    - Encrypting/decrypting
    - Gathering information
9
Simulation on SSFnet
- Controller
  - Analyzing information
  - Setting up the normal pattern
  - Detecting attack
  - Responding to abnormal behavior
  - Restoring the traffic
10
Simulation Configuration
11
Simulated Performance (RC4)

TABLE 1. HARDEN-BACKBONE-ROUTER (RC4)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 2 routers | 0.0005588 | 0.0006020 | 0.0000432 |
| 3 routers | 0.0006250 | 0.0006712 | 0.0000462 |
| 4 routers | 0.0009753 | 0.0010271 | 0.0000518 |
| 5 routers | 0.0012139 | 0.0012572 | 0.0000433 |
| 6 routers | 0.0017969 | 0.0018450 | 0.0000481 |
| 7 routers | 0.0021466 | 0.0022015 | 0.0000549 |
| 8 routers | 0.0023938 | 0.0024490 | 0.0000522 |
| 9 routers | 0.0028109 | 0.0028760 | 0.0000651 |
| 10 routers | 0.0033593 | 0.0034044 | 0.0000451 |

TABLE 4. HARDEN-END-ROUTER (RC4)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 3 routers | 0.0006648 | 0.0007016 | 0.0000368 |
| 4 routers | 0.0009778 | 0.0010189 | 0.0000411 |
| 5 routers | 0.0013423 | 0.0014050 | 0.0000627 |
| 6 routers | 0.0017927 | 0.0018165 | 0.0000238 |
| 7 routers | 0.0019900 | 0.0020223 | 0.0000323 |
| 8 routers | 0.0022800 | 0.0023054 | 0.0000254 |
| 9 routers | 0.0027856 | 0.0028272 | 0.0000416 |
| 10 routers | 0.0033593 | 0.0033843 | 0.0000250 |
12
Simulated Performance (BLOWFISH)

TABLE 2. HARDEN-BACKBONE-ROUTER (BLOWFISH)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 2 routers | 0.0005588 | 0.0006765 | 0.0001177 |
| 3 routers | 0.0006250 | 0.0007553 | 0.0001303 |
| 4 routers | 0.0009753 | 0.0010993 | 0.0001240 |
| 5 routers | 0.0012139 | 0.0013801 | 0.0001662 |
| 6 routers | 0.0017969 | 0.0019350 | 0.0001381 |
| 7 routers | 0.0021466 | 0.0022806 | 0.0001340 |
| 8 routers | 0.0023938 | 0.0025461 | 0.0001525 |
| 9 routers | 0.0028109 | 0.0029600 | 0.0001491 |
| 10 routers | 0.0033593 | 0.0035168 | 0.0001575 |

TABLE 5. HARDEN-END-ROUTER (BLOWFISH)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 3 routers | 0.0006648 | 0.0007900 | 0.0001252 |
| 4 routers | 0.0009778 | 0.0011291 | 0.0001513 |
| 5 routers | 0.0013423 | 0.0015043 | 0.0001620 |
| 6 routers | 0.0017927 | 0.0019201 | 0.0001274 |
| 7 routers | 0.0019900 | 0.0021080 | 0.0001180 |
| 8 routers | 0.0022800 | 0.0023673 | 0.0000873 |
| 9 routers | 0.0027856 | 0.0028893 | 0.0001037 |
| 10 routers | 0.0033593 | 0.0034358 | 0.0000795 |
13
Simulated Performance (DES)

TABLE 3. HARDEN-BACKBONE-ROUTER (DES)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 2 routers | 0.0005588 | 0.0009751 | 0.0004163 |
| 3 routers | 0.0006250 | 0.0010139 | 0.0003889 |
| 4 routers | 0.0009753 | 0.0012781 | 0.0003082 |
| 5 routers | 0.0012139 | 0.0015882 | 0.0003743 |
| 6 routers | 0.0017969 | 0.0021268 | 0.0003299 |
| 7 routers | 0.0021466 | 0.0024905 | 0.0003439 |
| 8 routers | 0.0023938 | 0.0027543 | 0.0003605 |
| 9 routers | 0.0028109 | 0.0031698 | 0.0003589 |
| 10 routers | 0.0033593 | 0.0037286 | 0.0003693 |

TABLE 6. HARDEN-END-ROUTER (DES)

| Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
|---|---|---|---|
| 3 routers | 0.0006648 | 0.0010609 | 0.0003957 |
| 4 routers | 0.0009778 | 0.0013318 | 0.0003540 |
| 5 routers | 0.0013423 | 0.0017127 | 0.0003704 |
| 6 routers | 0.0017927 | 0.0020970 | 0.0003043 |
| 7 routers | 0.0019900 | 0.0023300 | 0.0003400 |
| 8 routers | 0.0022800 | 0.0026304 | 0.0003504 |
| 9 routers | 0.0027856 | 0.0031015 | 0.0003159 |
| 10 routers | 0.0033593 | 0.0035963 | 0.0002370 |
14
Comparison of Performance
Figure 7. Overhead Comparison of 8-router packets
Figure 8. Overhead Comparison of 10-router packets
15
Simulated Detection & Response
- Hardened all the end routers
- ICMP attack targeting the host in AS12
- Attackers are distributed over the three subnets
16
Simulated Detection & Response
Fig. 6 Traffic Pattern at Router at AS12
17
Simulated Detection & Response
- Hardened the core routers
- ICMP attack targeting the host at AS12
- Attackers are also distributed over the three subnets
18
Simulated Detection & Response
Fig. 7 Traffic Pattern at Router 1 of AS1
19
Future Work
- Implementation
- Hardened AS Controller
- Key exchange
- Encryption/Decryption in IP forwarding