Wenqi Chen,Zhiliang Wang,Dongqi Han,Chenxin Duan,Xia Yin,Jiahai Yang,Xingang Shi

DOI: https://doi.org/10.14722/ndss.2022.24214

2022-01-01

Abstract:Securing inter-domain routing systems of the Internet from illegitimate prefix annoucements has been a great concern for the researchers and network operators.After the failure of many BGP (Border Gateway Protocol) security enhancement mechanisms to achieve extensive deployment, it is encouraging to see that the deployment of RPKI (Resource Public Key Infrastructure) is gradually increasing worldwide.For a deeper understanding of the impact of RPKI, many studies have been devoted to measuring the deployment of RPKI, including the deployment of ROA (Route Origin Authorization) and ROV (Route Origin Validation).Unlike the measurement of ROA deployment which can be directly derived from the data in RPKI repository, the measurement of ROV deployment requires more sophisticated measurement and inference techniques.However, existing work has limited measurement range, and the inference methods are either inaccurate or inefficient.In this paper, we propose a new framework, ROV-MI, for the measurement of ROV deployment, which consist of a largescale measurement infrastructure driven by in-the-wild RPKI invalid prefixes in the control plane to detect the filtering of these invalid updates with active probing in the data plane, and an efficient and accurate inference algorithm based on Bayesian inference techniques.We implement ROV-MI for measuring real-world ROV deployment and compare it to prior works, and the results show that ROV-MI can accurately infer ROV adoption of ∼10 times more ASes (Autonomous Systems) with less than 20% of the execution time compared to current stateof-the-art methods.

Zhongjian Le,Naixue Xiong,Bo Yang,Yuezhi Zhou

DOI: https://doi.org/10.1109/ipdps.2011.32

2011-01-01

Abstract:IP prefix hijacking is one of the top threats in the cloud computing Internets. Based on cryptography, many schemes for preventing prefix hijacks have been proposed. Securing binding between IP prefix and its owner underlies these schemes. We believe that a scheme for securing this binding should try to satisfy these seven critical requirements: no key escrow, no other secure channel, defending against Malicious Key Issuer (MKI) in the phase of prefix announcement, defending against MKI in the phase of key issuing, no certificate, in-band delegation attestation, and in-band public key witness. In this paper, we propose a new scheme, Origin Authentication based on Self-Certified public keys (SC-OA), using self-certified public keys to authenticate origin autonomous systems. To the best of our knowledge, it is the first work for securing prefix ownership using self-certified public keys to achieve an efficient and secure scheme that satisfies all seven requirements. The analyses show that SC-OA can defend against regular prefix, sub prefix, unassigned prefix, interception-based, and MKI hijacking, and improve performance in many aspects. It will be pushed ahead to practical deployment for preventing prefix hijacks.

Lancheng Qin,Li Chen,Dan Li,Honglin Ye,Yutian Wang

DOI: https://doi.org/10.14722/ndss.2024.24214

2024-01-01

Abstract:BGP hijacking is one of the most important threats to routing security.To improve the reliability and availability of inter-domain routing, a lot of work has been done to defend against BGP hijacking, and Route Origin Validation (ROV) has become the best current practice.However, although the Mutually Agreed Norms for Routing Security (MANRS) has been encouraging network operators to at least validate announcements of their customers, recent research indicates that a large number of networks still do not fully deploy ROV or propagate illegitimate announcements of their customers.To understand ROV deployment in the real world and why network operators are not following the action proposed by MANRS, we make a long-term measurement for ROV deployment and further find that many non-compliant networks may deploy ROV only at part of customer interfaces, or at provider or peer interfaces.Then, we present the first notification experiment to investigate the impact of notifications on ROV remediation.However, our analysis indicates that none of the notification treatments has a significant effect.After that, we conduct a survey among network operators and find that economical and technical problems are the two major classes of reasons for non-compliance.Seeking a realistic ROV deployment strategy, we perform large-scale simulations, and, to our surprise, find that not following MANRS Action 1 can lead to better defence of prefix hijacking.Finally, with all our findings, we provide practical recommendations and outline future directions to help promote ROV deployment.

Shu Yang,Wei Zhao,Yong Jiang,Mingwei Xu,Zhongxing Ming

DOI: https://doi.org/10.1007/s13042-015-0437-3

2015-01-01

International Journal of Machine Learning and Cybernetics

Abstract:Overlay routing has been widely used in Internet, mainly because of user demands for security, reliability, bandwidth, etc. Many approaches use overlay routing by deploying certain number of overlay nodes and expose them to users. Thus, users have much more flexibility in specifying their end-to-end paths. But these benefits also bring some troubles, e.g., more serious congestions may happen on some links due to the selfish nature of network. In this paper, we adopt ROR (restricted overlay routing) which will not expose all overlay nodes to users, but provide limited number of them while considering overall performance. Different users may get different overlay nodes, and they can still make their choice according to their own demands. We carry out substantial simulations under various topologies and parameters, we show that we can achieve better performance, i.e., lower Min-max link utilization.

Mohan Kumar Chandol,M. Kameswara Rao

DOI: https://doi.org/10.1504/ijbic.2023.136099

2024-01-18

International Journal of Bio-Inspired Computation

Abstract:Internet of things (IoT) is the basis of numerous services and our daily life is based upon its availability and reliable operation. Thus, among numerous other problems, the challenge of implementing secure communication in the IoT must be addressed. Development of the fractional remora optimisation algorithm (Fr-ROA), a trust-aware routing solution for the IoT, is the main goal of this study. Here, IoT nodes are generated by IoT simulation. The Fr-ROA is developed by combining fractional calculus (FC) and the remora optimisation algorithm (ROA). It also takes into account fitness metrics including throughput, delay, throughput, distance, energy, and trust factors. Also, taken into account are the trust components, such as direct, historical, and indirect trusts. Route maintenance is done based on the link failure metric. With energy, throughput, distance, trust, and performance of 0.4218 J, 0.4222, 0.8356, and 20.18 m, respectively, the proposed Fr-ROA performed better.

computer science, artificial intelligence, theory & methods

Keran Zhang,Lei Tang,Chao Zhao,Sheng Zhong,Hangzai Luo

DOI: https://doi.org/10.1109/taes.2023.3244897

IF: 3.491

2023-01-01

IEEE Transactions on Aerospace and Electronic Systems

Abstract:The performance of packet forwarding mainly relies on the routing lookup (RL) in high-speed routers and switches. Due to the network topology change and the limited resource on aerospace devices, the RL strategy for low Earth orbiting (LEO) constellation backbone networks should be specifically designed. Targeting lower resource consumption, we first propose the perfect hash-based RL, including a perfect hash function (PHF) for metarule space compression plus random access for the output interface. A satellite perfect hash function (SPHF) algorithm is proposed to generate efficient hash functions with limited storage. For 10 000 randomized keys, the SPHF algorithm constructs 50-Kb PHFs in 3.05 ms with 538 Kb storage. Then, we design the routing-oriented hash function (RHF) algorithm by fusing the perfect hash and RL, and optimize RHF toward the hardware implementation. The RHF algorithm is robust to different RL scenarios. In the field programmable gate array (FPGA) (xc7k70t-fbv900-1) experiment with 10 000 32-bit metarules and four output interfaces, a typical RHF algorithm (RHF1) costs only 13.2 ns and 1429 equivalent look-up-table (LUTs) to lookup each packet under 312.5 MHz clock frequency. Compared with most advanced ternary content addressable memory (TCAM)-based implementations, RHF1 reduces the storage and logic resources by at least an order of magnitude while keeping comparable lookup latency in the same FPGA Chip. This article provides a design mentality for the RL of low Earth orbiting constellation backbone networks.

David Zenati,Tzalik Maimon,Kobi Cohen

2024-07-26

Abstract:In the rapidly evolving landscape of wireless networks, achieving enhanced throughput with low latency for data transmission is crucial for future communication systems. While low complexity OSPF-type solutions have shown effectiveness in lightly-loaded networks, they often falter in the face of increasing congestion. Recent approaches have suggested utilizing backpressure and deep learning techniques for route optimization. However, these approaches face challenges due to their high implementation and computational complexity, surpassing the capabilities of networks with limited hardware devices. A key challenge is developing algorithms that improve throughput and reduce latency while keeping complexity levels compatible with OSPF. In this collaborative research between Ben-Gurion University and Ceragon Networks Ltd., we address this challenge by developing a novel approach, dubbed Regularized Routing Optimization (RRO). The RRO algorithm offers both distributed and centralized implementations with low complexity, making it suitable for integration into 5G and beyond technologies, where no significant changes to the existing protocols are needed. It increases throughput while ensuring latency remains sufficiently low through regularized optimization. We analyze the computational complexity of RRO and prove that it converges with a level of complexity comparable to OSPF. Extensive simulation results across diverse network topologies demonstrate that RRO significantly outperforms existing methods.

Networking and Internet Architecture

Kui Ren,Wenjing Lou,Kai Zeng,Feng Bao,Jianying Zhou,Robert H. Deng

DOI: https://doi.org/10.1016/j.comnet.2005.09.019

IF: 5.493

2005-01-01

Computer Networks

Abstract:Route Optimization (RO) in Mobile IPv6 (MIPv6) provides a mobile node (MN) the opportunity to eliminate the inefficient triangle routing with its corresponding node (CN) and therefore, greatly improves the network performance. However. in doing so. MIPv6 introduces several security vulnerabilities, and among them a major concern is the authentication and authorization of Binding Updates (BUs) during the RO process. Unauthenticated or malicious BUs open the door for many types of attacks. As every IPv6 node is expected to support MIPv6. mechanisms to secure BU will have a significant impact on the next generation Internet. In this paper, based on an in-depth analysis of the security weaknesses existing in previously proposed protocols, a light-weight BU protocol with high security strength is proposed, which makes use of public key certificate-based strong authentication technique. Another important contribution of the paper is the introduction of a novel and scalable 3-layer trust management framework, which takes advantage of IPv6 address format and home link's jurisdiction over the addresses it assigns, and thereby solves the difficult certificate issuing and management problem presented in the previous public key certificate-based solutions via trust delegation. The proposed protocol is highly efficient in term of both computation and communication costs on both MN and CN sides. An extended protocol is also proposed to explicitly support Hierarchical MIPv6 (HMIPv6).

Ch. Naveen Kumar Reddy,M. Anusha

2024-06-21

Abstract:Enhancing the routing efficacy of Flying AdHoc Networks (FANETs), a network of numerous Unmanned Aerial Vehicles (UAVs), in which various challenges may arise as a result of the varied mobility, speed, direction, and rapid topology changes. Given the special features of UAVs, in particular their fast mobility, frequent topology changes, and 3D space movements, it is difficult to transport them through a FANET. The suggested study presents a complete hybrid model: HIROL (Hybrid Intelligent Routing with Optimized Learning) that integrates the ABC (Artificial Bee Colony) algorithm, DSR (Dynamic Source Routing) by incorporating Optimized Link State Routing (OLSR) and ANNs (Artificial Neural Networks) to optimize the routing process. The HIROL optimizes link management by ABC optimization algorithm and reliably analyses link status using characteristics from OLSR and DSR; at the same time, an ANN-based technique successfully classifies connection state. In order to provide optimal route design and maintenance, HIROL dynamically migrates between OLSR and DSR approaches according to the network topology conditions. After running thorough tests in Network Simulator 2 (NS-2), when compared to more conventional DSR and OLSR models, the hybrid model HIROL performs far better in simulations and tests. An increase in throughput (3.5 Mbps vs. 3.2-3.4 Mbps), a decrease in communication overhead (15% vs. 18-20%), and an improvement in Packet Delivery Ratio (97.5% vs. 94-95.5%). These results demonstrate that the suggested HIROL model improves FANET routing performance in different types of networks.

Networking and Internet Architecture

Wei Zhang,Jun Bi,Jianping Wu,Sen Wang,Hongcheng Tian

DOI: https://doi.org/10.1145/2089016.2089040

2011-01-01

Abstract:The Internet is becoming the global digital infrastructure; however, its current architecture faces many challenges in terms of scalability, security and other aspects. For example, the BGP routing table keeps growing rapidly as the Internet scales up; Source IP address spoofing and prefix hijacking undermine the security of fundamental Internet applications. Motivated by seeking evolvable architecture solutions, we propose an enhanced inter-domain routing architecture to address these problems. In our architecture, we first introduce two routing hierarchies: local routing on specific network layer protocols/addresses and global routing on a coarser granularity in order to improve the routing scalability. The end-to-end routes are composed of local IP-level forwarding and global transit tunnels on higher routing hierarchy. Secondly we propose "pair-wise" routing on the coarser granularity which may facilitate source authentication and inter-domain accountability. On the data plane, an inter-domain path is composed of concatenated local transit tunnels within administration boundaries which should comply with corresponding local transit policies. In addition to enhanced scalability, security and accountability, our new routing architecture may facilitate Internet-wide deployment of new network layer protocols and leverage IP evolution in the long run.

Dan Wu,Zhiliang Wang,Xia Yin,Xingang Shi,Jianping Wu,Wenlong Chen

DOI: https://doi.org/10.1109/icccn.2014.6911730

2014-01-01

Abstract:Nowadays, due to the rapid growing popularity of Internet, the global routing system suffers from great scalability problem. Many solutions are proposed to solve the problem, including FIB aggregation, core/edge separation solutions, et al. The limitation of these existing solutions is that they all make the assumption that all addresses in the Internet must be globally visible and these routing information must be spread worldwide. We propose to make some network prefixes globally invisible and eliminate the routing information of these prefixes from the global routing system to further improve the scalability of the Internet. Our solution distinguishes content provider networks (containing content providers) from content consumer networks (containing only content consumers) and removes the routing information of content consumer networks. In order to cope with the communication between content consumer networks and content provider networks, we propose HSR (Hybrid Source Routing), in which source routing is used to assist network-based routing to achieve end-to-end reachability. We carry out performance evaluation by simulation, and experimental results show that if only top 1 million websites are globally visible, the visible ASes, prefixes in forwarding table and received updates can be reduced to 40%, 12% and 10%.

Joo-Hyung Park,Qin Yang,Sang-Jo Yoo

DOI: https://doi.org/10.1109/access.2024.3366280

IF: 3.9

2024-02-23

IEEE Access

Abstract:In this paper, we propose a novel RSU-assisted hybrid road-aware routing algorithm, RHRA-DRL, designed for urban vehicular networks to optimize real-time data delivery considering dynamic road conditions. The algorithm minimizes broadcast overhead and efficiently determines optimal routing paths by incorporating two key components. Firstly, a multihop road-segment reward-based ad-hoc (RRAH) routing algorithm is introduced to adaptively respond to changing vehicle topologies within road segments. Rewards are calculated based on performance metrics, and the segment reward integrates into RSU-to-RSU (R2R) routing. Secondly, a distributed Q-learning-based road-aware (DQRA) routing algorithm determines RSUs traversed during data transmission using a decentralized agent reinforcement learning approach. The combination of these algorithms in RHRA-DRL ensures effective and consistent path establishment with a unified reward system. Simulation results demonstrate the superiority of RHRA-DRL over AODV in Internet of Vehicles (IoV) networks, showcasing enhanced communication, prolonged link lifetime, rapid establishment and repair of routing paths, and reduced overhead.

computer science, information systems,telecommunications,engineering, electrical & electronic

Defang Lee,Peilin Hong,Jianfei Li

DOI: https://doi.org/10.1109/glocom.2014.7417326

2014-01-01

Abstract:In Software Defined Network(SDN), every switch contains multiple flow tables, each flow table containing multiple flow entries. The number of flow entries determines the number of flows that can be forwarded by the switch. Link resources(like bandwidth) is no longer the only one to be considered when routing because node resources(like flow table) may also cause network bottlenecks. Moreover, from a view of network traffic, different flows have different preference to these network resources. In this paper, we use Analytic Hierarchy Process to analysis the characteristics of network traffic, then based on K-shortest path algorithm, a novel Resource Preference Aware Routing Algorithm, simplified as RPA-RA, is proposed. RPA-RA selects the most proper path for a flow from k shortest paths by considering the resource preference of the flows. The aim is to balance the usage of link bandwidth and the flow table simultaneously when routing, so that the network can accept and process more flows. At last, our algorithm is validated with POX and Mininet. The simulation results show that RPA- RA can balance the usage of the flow table and bandwidth, result in fewer resource bottlenecks, and make the network accept more flows relatively.

Wu Shaochuan,Tan Xuezhi,Jia Shilou

DOI: https://doi.org/10.1109/icccas.2006.284954

2006-01-01

Abstract:A hybrid routing protocol named AOHR (AODV and OLSR Hybrid Routing) for mobile Ad Hoc networks is proposed in this paper. In AOHR, each node maintains topology information of a zone with radius not larger than a set value. By the proactive property of OLSR, when a node wants to communicate with another node within its zone, packets can be transmitted directly. Otherwise, a routing request procedure will be invoked by the reactive property of AODV. In addition, AOHR utilizes MPRs (Multipoint Relays) to reduce overheads of route requests. This paper also proposes dynamic zone radius maintenance for AOHR to dynamically adapt to various scenarios. Analysis and simulation results show that AOHR combines the characters of high data delivery fraction, low overheads, and short delay in AODV with the characters of optimized routing length in OLSR, which means that AOHR is immune from topological structures.

Jun He,Yahui Li,Han Zhang,Changqing An,Jilong Wang

DOI: https://doi.org/10.1109/iscc61673.2024.10733564

2024-01-01

Abstract:BGP has been threatened by prefix hijacking attacks due to the lack of authentication mechanisms. In recent years, many ASes have begun to participate in RPKI deployment to improve Internet security jointly. Some researchers have studied how to measure the actual deployment of ROV globally, but such works suffer from the shortcomings of small measurement coverage and insufficient accuracy. Therefore, we propose RO-VGD, a ROV measurement method based on graph difference. We collect routing path data from the control plane and data plane. Then, we rely on prefix reachability and propagation edges for ROV inference. The results show that about half of the tested ASes have ROV filtering behaviors. In addition, our method can be extended to the ROV measurement of IXPs. Through validation and analysis, we prove that our method leads to convincing results and, at the same time, has a broader coverage and better applicability than other existing methods.

Mingchuan Zhang,Changqiao Xu,Jianfeng Guan,Qingtao Wu,Ruijuan Zheng,Hongke Zhang

DOI: https://doi.org/10.1109/IWCMC.2014.6906418

2014-01-01

Abstract:Routing in mobile ad hoc networks (MANETs) is an extremely challenging issue due to the features of MANETs. In this paper, we present a novel bio-inspired hybrid routing protocol (B-iHRP) supporting multimedia delivery based on zone routing framework, ant colony optimization (ACO) and physarum autonomic optimization (PAO). B-iHRP divides network topology into a series of zones subjectively. Within a zone, the route table of central node is proactively maintained by perceptive ants which can sense link status metrics through cross-layer perception to assess the discovered routes. Among zones, perceptive ants are sent to reactively find routes to destinations as well as assess the discovered routes with the metrics by source nodes. Afterwards, B-iHRP uses PAO to select the optimal one from the found routes and optimize autonomically the local routes during the course of multi-zone communication sessions. Simulation results show how B-iHRP can achieve the effective performance compared to existing state-of-the-art algorithms.

Yingying Su,Dan Li,Li Chen,Qi Li,Sitong Ling

DOI: https://doi.org/10.14722/ndss.2024.24368

2024-01-01

Abstract:Although Resource Public Key Infrastructure (RPKI) is critical for securing inter-domain routing, we find that its key component, the RPKI Repository, is under studied.We conduct the first data-driven analysis of the existing RPKI Repository infrastructure, including a survey of worldwide AS administrators and a large-scale measurement of the existing RPKI Repository.Based on the findings of our study, we identify three key problems.Firstly, misbehaving RPKI authorities can easily manipulate RPKI objects, and Internet Number Resources holders (INRs holders) and Relying Parties (RPs) can neither prevent malicious behaviors of misbehaving authorities nor hold them accountable.Secondly, RPKI Repository is sensitive to failures: An attack or downtime of any repository Publication Point (PP) will prevent RPs from obtaining complete RPKI object views.Finally, we identify scalability issues with the current RPKI Repository, which are expected to worsen with the further deployment of Route Origin Authorization (ROA).To address these problems, we propose dRR, an architecture that enhances the security, robustness, and scalability of the RPKI Repository while being compatible with standard RPKI.By introducing two new entities: Certificate Servers (CSs) and Monitors, dRR forms a decentralized federation of CSs, which enables the RPKI Repository to proactively defend against malicious behavior from authorities and to tolerate PPs' failures.dRR is also scalable for future large-scale deployment.We present the design of dRR in detail and implement a prototype of dRR on a global Internet testbed spanning 15 countries.Experimental results show that, although new security features are introduced, dRR only incurs negligible latency for certificate issuance and revocation.The throughput of certificate updates achieved by dRR is 450 times higher than the current maximum RPKI certificate update frequency.

Wei Zhou,Xing Jiang,Qingsong Luo,Bingli Guo,Xiang Sun,Fengyuan Sun,Lingyu Meng

DOI: https://doi.org/10.1016/j.dcan.2022.11.016

IF: 6.348

2022-12-01

Digital Communications and Networks

Abstract:In Software-Defined Networks (SDNs), determining how to efficiently achieve Quality of Service (QoS)-aware routing is challenging but critical for significantly improving the performance of a network, where the metrics of QoS can be defined as, for example, average latency, packet loss ratio, and throughput. The SDN controller can use network statistics and a Deep Reinforcement Learning (DRL) method to resolve this challenge. In this paper, we formulate dynamic routing in an SDN as a Markov decision process and propose a DRL algorithm called the Asynchronous Advantage Actor-Critic QoS-aware Routing Optimization Mechanism (AQROM) to determine routing strategies that balance the traffic loads in the network. AQROM can improve the QoS of the network and reduce the training time via dynamic routing strategy updates; that is, the reward function can be dynamically and promptly altered based on the optimization objective regardless of the network topology and traffic pattern. AQROM can be considered as one-step optimization and a black-box routing mechanism in high-dimensional input and output sets for both discrete and continuous states, and actions with respect to the operations in the SDN. Extensive simulations were conducted using OMNeT++ and the results demonstrated that AQROM 1) achieved much faster and stable convergence than the Deep Deterministic Policy Gradient (DDPG) and Advantage Actor-Critic (A2C), 2) incurred a lower packet loss ratio and latency than Open Shortest Path First (OSPF), DDPG, and A2C, and (3) resulted in higher and more stable throughput than OSPF, DDPG, and A2C.

telecommunications

Quentin Bramas,Jean-Romain Luttringer,Pascal Mérindol

DOI: https://doi.org/10.48550/arXiv.2311.17769

2023-11-30

Abstract:Source Routing, currently facilitated by Segment Routing (SR), enables precise control of forwarding paths by specifying detours (or segments) to deviate IP packets along routes with advanced properties beyond typical shortest IGP paths. Computing the desired optimal segment lists, known as encoding, leads to interesting challenges as the number of detours is tightly constrained for hardware performance. Existing solutions either lack generality, correctness, optimality, or practical computing efficiency-in particular for sparse realistic networks. In this paper, we address all such challenges with GOFOR-SR. Our framework extends usual path computation algorithms to inherently look at optimal and feasible segment lists, streamlining the deployment of TE-compliant paths. By integrating encoding within the path computation itself and modifying the distance comparison method, GOFOR allows algorithms with various optimization objectives to efficiently compute optimal segment lists. Despite the loss of substructure optimality induced by SR, GOFOR proves particularly efficient, inducing only a linear overhead at worst. It also offers different strategies and path diversity options for intricate TE-aware loadbalancing. We formally prove the correctness and optimality of GOFOR, implement our framework for various practical usecases, and demonstrate its performance and benefits on both real and challenging topologies.

Networking and Internet Architecture

Pan Kai,Li Hui,Liu Weiyang,Zhu Zhipu,Zhu Bing

DOI: https://doi.org/10.1109/CHINACOM.2014.7054277

2015-01-01

Abstract:The over 40-year old Internet, which was designed and proposed with the intention to interconnect several computing resources across a geographically distributed user group, is now facing many unprecedented challenges especially from the increasingly abundant demands in future networks. Traditional IP protocol can hardly deal with the challenges due to the single function and low QoS. In this paper, we proposed a unified polymorphic routing method towards the Reconfigurable Network Architecture (RNA) to achieve diverse demands according to different business types. Then, a rough description of specific based routing method is given in conjunction with the stipulated packet header that is compatible with current IP. Moreover, the network business match rate of polymorphic routing for RNA is simulated to validate the effectiveness and feasibility. © 2014 IEEE.