Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerabilities and Safeguards in Networks with QoS Support Dr. Sonia Fahmy CS Dept., Purdue University.

Published byDamian Ball Modified over 9 years ago

Similar presentations

Presentation on theme: "Vulnerabilities and Safeguards in Networks with QoS Support Dr. Sonia Fahmy CS Dept., Purdue University."— Presentation transcript:

1 Vulnerabilities and Safeguards in Networks with QoS Support Dr. Sonia Fahmy CS Dept., Purdue University

2 Goals Study, classify and rank vulnerabilities in a QoS enabled network. Model the various possible attacks and determine their effect on QoS experimentally. Design usable, easily deployable and configurable, adaptive/reactive safeguards for such attacks, and study the tradeoffs involved.

3 Proposed Research Study QoS, policy control and network security mechanisms in detail and formulate attacks possible in a QoS enabled network. Study network simulation tools, model attacks and measure damage and performance loss Implement the attacks on a QoS network test bed and evaluate damage and performance.

4 Proposed Research Propose recommendations for safeguards against attacks. Implement these safeguards both in simulated and actual networks. measure their performance. convert them to tools.

5 Possible Solutions Using trustable entities. Authentication mechanisms. Securing policy control. Constant monitoring of QoS provisioning. Proposing design changes to make QoS networks inherently secure.

6 Components of QoS  Resource allocation  Admission and policy control  QoS based routing  Resource reservation  Resource usage and provisioning  Traffic shaping and policing  Buffer management and scheduling  Congestion Control  Traffic monitoring and Feedback

7 Quality of Service

8 QoS Categories  Differentiated Services(DiffServ) Classification at edges Core only forwards Potential points of attack DSCP field and services based on it QoS negotiations across edge routers PHB, PHB groups, EF, AF

9

10 Components of QoS Integrated Services Best Effort Service Controlled-Load Service: Performance as good as in an unloaded datagram network. No quantitative assurances Guaranteed Service: Firm bound on data throughput and delay. Every element along the path must provide delay bound. Is not always implementable, e.g., Shared Ethernet.

11

12 Policy Control COPS protocol PEPs and PDPs and their role

13 Network Security Denial of service Service overloading by flooding Compromising routers by altering routing strategies Exploit flaws in software implementation Session Hijacking Masquerading Information Leakage Unauthorized resource usage (Theft of service).

14 Security Issues Attack Operations Inject(I), Modify(M), Delay(Dl), Drop(Dr), Eavesdrop(E) Points of Attack Policy control mechanisms Congestion control mechanisms Resource configuration in routers Resource usage in routers

15 Security Issues Vulnerabilities Exploited Design problems (eg. DSCP uncovered, SYN flooding) Implementation issues (poor software, buffer overflow) Interoperability issues Complementary protocols

16 Types of Security Breaches Theft of Service (Unauthorized use) Modifying DSCP (M) Injecting RSVP signaling messages (I) Injecting malicious configuration (I) Denial of Service Compromising routers (Dr, Dl) Re-marking packets (M) Flooding (I)

17 Types of Security Breaches Information Leakage About QoS policies (E) Data that goes through QoS enabled Network (E) Session Hijacking / Masquerading Seizing control of a session by injecting or maliciously modifying authentication packets (I and M)

18 Recommendations Building good policy mechanisms Securing PEPs like Edge routers and BBs (Authentication) Encapsulation/Encryption important fields Performing QoS measurements

19 Tools Monitoring Resource Allocation Monitoring signaling mechanisms Monitoring QoS negotiations Monitoring packet classifiers Monitoring Resource Usage Monitoring bandwidth utilization Monitoring remarking of service levels Monitoring routing strategies

Download ppt "Vulnerabilities and Safeguards in Networks with QoS Support Dr. Sonia Fahmy CS Dept., Purdue University."

Similar presentations

QoS Strategy in DiffServ aware MPLS environment Teerapat Sanguankotchakorn, D.Eng. Telecommunications Program, School of Advanced Technologies Asian Institute.

QoS Strategy in DiffServ aware MPLS environment Teerapat Sanguankotchakorn, D.Eng. Telecommunications Program, School of Advanced Technologies Asian Institute.
Quality of Service CS 457 Presentation Xue Gu Nov 15, 2001.

Quality of Service CS 457 Presentation Xue Gu Nov 15, 2001.
Spring 2003CS 4611 Quality of Service Outline Realtime Applications Integrated Services Differentiated Services.

Spring 2003CS 4611 Quality of Service Outline Realtime Applications Integrated Services Differentiated Services.
Spring 2000CS 4611 Quality of Service Outline Realtime Applications Integrated Services Differentiated Services.

Spring 2000CS 4611 Quality of Service Outline Realtime Applications Integrated Services Differentiated Services.
Tiziana Ferrari Differentiated Services Test: Report1 Differentiated Service Test REPORT TF-TANT Tiziana Ferrari Frankfurt, 1 Oct.

Tiziana Ferrari Differentiated Services Test: Report1 Differentiated Service Test REPORT TF-TANT Tiziana Ferrari Frankfurt, 1 Oct.
INTERNET QOS: A BIG PICTURE XIPENG XIAO AND LIONEL M. NI, MICHIGAN STATE UNIVERSITY Jinyoung You CS540, Network Architect.

INTERNET QOS: A BIG PICTURE XIPENG XIAO AND LIONEL M. NI, MICHIGAN STATE UNIVERSITY Jinyoung You CS540, Network Architect.
CS640: Introduction to Computer Networks Aditya Akella Lecture 20 – QoS.

CS640: Introduction to Computer Networks Aditya Akella Lecture 20 – QoS.
CSE 30264 Computer Networks Prof. Aaron Striegel Department of Computer Science & Engineering University of Notre Dame Lecture 20 – March 25, 2010.

CSE Computer Networks Prof. Aaron Striegel Department of Computer Science & Engineering University of Notre Dame Lecture 20 – March 25, 2010.
High Speed Networks and Internets : Multimedia Transportation and Quality of Service Meejeong Lee.

High Speed Networks and Internets : Multimedia Transportation and Quality of Service Meejeong Lee.
Real-Time Protocol (RTP) r Provides standard packet format for real-time application r Typically runs over UDP r Specifies header fields below r Payload.

Real-Time Protocol (RTP) r Provides standard packet format for real-time application r Typically runs over UDP r Specifies header fields below r Payload.
© 2006 Cisco Systems, Inc. All rights reserved. Module 4: Implement the DiffServ QoS Model Lesson 4.10: Deploying End-to-End QoS.

© 2006 Cisco Systems, Inc. All rights reserved. Module 4: Implement the DiffServ QoS Model Lesson 4.10: Deploying End-to-End QoS.
IPv6 Technology and Advanced Services 19/10/2004 IPv6 Technology and Advanced Services IPv6 Quality of Service Dimitris Primpas

IPv6 Technology and Advanced Services 19/10/2004 IPv6 Technology and Advanced Services IPv6 Quality of Service Dimitris Primpas
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
CPSC 601.43 Topics in Multimedia Networking A Mechanism for Equitable Bandwidth Allocation under QoS and Budget Constraints D. Sivakumar IBM Almaden Research.

CPSC Topics in Multimedia Networking A Mechanism for Equitable Bandwidth Allocation under QoS and Budget Constraints D. Sivakumar IBM Almaden Research.
Differentiated Services. Service Differentiation in the Internet Different applications have varying bandwidth, delay, and reliability requirements How.

Differentiated Services. Service Differentiation in the Internet Different applications have varying bandwidth, delay, and reliability requirements How.
1 Some QoS Deployment Issues Shumon Huque University of Pennsylvania MAGPI GigaPoP April 15th 2002 - NSF/ITR Scalable QoS Workshop.

1 Some QoS Deployment Issues Shumon Huque University of Pennsylvania MAGPI GigaPoP April 15th NSF/ITR Scalable QoS Workshop.
ACN: IntServ and DiffServ1 Integrated Service (IntServ) versus Differentiated Service (Diffserv) Information taken from Kurose and Ross textbook “ Computer.

ACN: IntServ and DiffServ1 Integrated Service (IntServ) versus Differentiated Service (Diffserv) Information taken from Kurose and Ross textbook “ Computer.
CS 268: Differentiated Services Ion Stoica February 25, 2003.

CS 268: Differentiated Services Ion Stoica February 25, 2003.
CSE 401N Multimedia Networking-2 Lecture-19. Improving QOS in IP Networks Thus far: “making the best of best effort” Future: next generation Internet.

CSE 401N Multimedia Networking-2 Lecture-19. Improving QOS in IP Networks Thus far: “making the best of best effort” Future: next generation Internet.
1 Quality of Service Outline Realtime Applications Integrated Services Differentiated Services.

1 Quality of Service Outline Realtime Applications Integrated Services Differentiated Services.

Similar presentations

Ads by Google