Hongyan Liu,Xiang Chen,Yi Shen,Qun Huang,Zhengyan Zhou,Dong Zhang,Chunming Wu

DOI: https://doi.org/10.1109/iwqos57198.2023.10188714

2023-01-01

Abstract:In programmable networks, some networking systems coordinate data plane switches to realize in-network functions (e.g., in-band network telemetry). However, the vulnerabilities of inter-device coordination are still largely unknown and neglected, which is highly concerning given the increasing popularity of this paradigm. In this paper, we identify three attack scenarios built upon such vulnerabilities, where attackers mislead the behaviors of networking systems that exploit inter-device coordination to execute in-network functions. We implement 20 existing networking systems on Tofino-based switches and a simulator, and attack these systems with the identified attacks. The experimental results indicate that our attacks significantly interfere with the normal operations of the selected networking systems, e.g., the cache hit rate of NetCache drops 38%. Our analysis also demonstrates that none of existing methods can fully mitigate our attacks since they fail to verify the packets for inter-device coordination.

Hossen Mustafa,Xin Zhang,Zhenhua Liu,Wenyuan Xu,Adrian Perrig

DOI: https://doi.org/10.1109/tdsc.2012.69

2012-01-01

Abstract:Jamming attacks are especially harmful to the reliability of wireless communication, as they can effectively disrupt communication between any node pairs. Existing jamming defenses primarily focus on repairing connectivity between adjacent nodes. In this paper, we address jamming at the network level and focus on restoring the end-to-end data delivery through multipath routing. As long as all paths do not fail concurrently, the end-to-end path availability is maintained. Prior work in multipath selection improves routing availability by choosing node-disjoint paths or link-disjoint paths. However, through our experiments on jamming effects using MicaZ nodes, we show that disjointness is insufficient for selecting fault-independent paths. Thus, we address multipath selection based on the knowledge of a path's availability history. Using Availability History Vectors (AHVs) of paths, we present a centralized AHV-based algorithm to select fault-independent paths, and a distributed AHV-based routing protocol built on top of a classic routing algorithm in ad hoc networks. Our extensive simulation results validate that both AHV-based algorithms are effective in overcoming the jamming impact by maximizing the end-to-end availability of the selected paths.

Ameen Al-Azzawi,Gábor Lencse

DOI: https://doi.org/10.1093/comjnl/bxae059

2024-07-06

The Computer Journal

Abstract:Abstract In this paper, we focus on one of the most prominent IPv6 transition technologies, namely Mapping of Address and Port using Translation (MAP-T), and we give attention to Mapping of Address and Port with Encapsulation (MAP-E) as well. We emphasize the uniqueness of MAP-T and MAP-E, and we discuss the differences between those two technologies, including their topology, functionality, and security vulnerabilities. We apply a threat modeling technique, Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE), to assess potential vulnerabilities in the MAP-T infrastructure. Furthermore, we build a testbed for MAP-T using the open-source software, Jool, and we conduct testing on the translation process capabilities of Jool and its port allocation per subscriber. Finally, we present various attacking scenarios against the main routers of MAP-T, such as IP address spoofing, information disclosure, and source port exhaustion, and we propose mitigation methods for several attacks.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Xiao Yu,Gang Feng,Kheng Leng Gay,Chee Kheong Siew

DOI: https://doi.org/10.1093/ietcom/e90-b.4.856

2007-01-01

IEICE Transactions on Communications

Abstract:Multipath routing employs multiple parallel paths between the source and destination for a connection request to improve resource utilization of a network. In this paper, we provide an integrated design of multipath routing in MPLS networks. In addition, we take into account the quality of service (QoS) in carrying delay-sensitive traffic and failure survivability in the design. Path protection or restoration policies enables the network to accommodate link failures and avoid traffic loss. We evaluate the performance of the proposed schemes in terms of call blocking probability, network resource utilization and load balancing factor. The results demonstrate that the proposed integrated design framework can provide effective network failure survivability, and also achieve better load balancing and/or higher network resource utilization

Dan Pei,Lixia Zhang

2005-01-01

Abstract:At a fundamental level, all Internet applications rely on a dependable packet delivery service provided by the Internet routing system. However, measurements have shown that various faults (i.e., physical failures or misbehavior) occur from time to time in the Internet. For physical failures of routers or links, it takes existing Internet protocols 3 minutes on average to converge to alternative paths, resulting in interrupted packet delivery. For misbehavior (i.e., mis-configurations or malicious attacks) that could result in data traffic hijacking, current Internet routing protocols provide little defense. This dissertation studies how to build resilient Internet routing protocols to provide reliable packet delivery despite the faults in the context of Border Gateway Protocol (BGP). First, we evaluate the performance of the existing routing protocols in the face of physical failures, as measured by their ability to continue packet delivery service during routing convergence. Our results show that quickly propagating new reachability information has the most impact on the packet delivery performance. We also show that BGP's update rate-limiting timer is the major contributing factor to the duration of the transient loops. Second, to speed up BGP convergence and improve packet delivery, we propose the Root Cause Notification approach. This approach explicitly signals the failure information, which enables a node to invalidate all the paths that have become obsolete because of the same failure. It reduces the upper bound of BGP routing convergence delay from O(n) to O(d), where n is the number of nodes in a BGP network and d is the network diameter. We also develop a framework that enables us to fill the gaps in analytical results for existing convergence improvement algorithms. Third, we propose a novel semantic checking approach and develop mechanisms for detecting invalid paths in BGP and further identifying the attacker. In this approach, a node accumulates a network topology using the root cause in formation, path information in BGP message, and on-demand queries. A high detection ratio is achieved by comparing the received paths with the paths predicted based on the accumulated topology.

D Pei,LX Zhang,D Massey

DOI: https://doi.org/10.1109/mnet.2004.1276605

IF: 10.294

2004-01-01

IEEE Network

Abstract:At a fundamental level, all Internet-based applications rely on a dependable packet delivery service provided by the Internet routing infrastructure. However, the Internet is a large-scale complex loosely coupled distributed system made of many imperfect components. Faults of varying-scale and severity occur from time to time. In this paper we survey the research efforts over the years aimed at enhancing the dependability of the routing infrastructure. To provide a comprehensive overview of the various efforts, we first introduce a threat model based on known threats, then sketch out a defense framework, and put each of the existing efforts at appropriate places in the framework based on the faults and attacks against which it can defend. Our analysis shows that although individual defense mechanisms may effectively guard against specific faults, no single fence can counter all faults. Thus, a resilient Internet routing infrastructure calls for integrating techniques from cryptographic protection mechanisms, statistical anomaly detection, protocol syntax checking, and protocol semantics checking to build a multifence defense system.

Kai Bu,Yutian Yang,Zixuan Guo,Yuanyuan Yang,Xing Li,Shigeng Zhang

DOI: https://doi.org/10.1016/j.comnet.2021.108099

IF: 5.493

2021-01-01

Computer Networks

Abstract:Software-Defined Networking (SDN) greatly simplifies middlebox policy enforcement. Middleboxes need tag packet headers to avoid forwarding ambiguity on SDN switches. In this paper, we present a new attack, called middlebox-bypass attack, to breach SDN-based middlebox policy enforcement. Such an attack manipulates a compromised switch to locally tag attacking packets without handing them over to the attached middlebox for inspection. Existing SDN security solutions, however, cannot detect the middlebox-bypass attack under practical constraints of efficiency, robustness, and applicability. We design and implement FlowCloak, the first protocol for per-packet real-time detection and prevention of middlebox-bypass attacks. FlowCloak enables middleboxes to generate tags that are probabilistically unknown to an attacker and confines it to only random guessing. We propose a multi-tag verification technique to address the tradeoff between FlowCloak robustness and TCAM usage by tag verification rules on the egress switch. Experiment results show that dozens of verification rules can confine the attacking probability under 0.1%. We further explore implementation techniques of packet looping and field swapping that can enable a flow table pipeline on a single TCAM and mitigate packet correlation, respectively. FlowCloak imposes only a 0.01 ms packet processing delay on middleboxes and no obvious delay on the egress switch.

Ayush Thakur

2024-09-04

Abstract:Multiprotocol Label Switching (MPLS) is a high-performance telecommunications technology that directs data from one network node to another based on short path labels rather than long network addresses. Its efficiency and scalability have made it a popular choice for large-scale and enterprise networks. However, as MPLS networks grow and evolve, they encounter various security challenges. This paper explores the security implications associated with MPLS networks, including risks such as label spoofing, traffic interception, and denial of service attacks. Additionally, it evaluates advanced mitigation strategies to address these vulnerabilities, leveraging mathematical models and security protocols to enhance MPLS network resilience. By integrating theoretical analysis with practical solutions, this paper aims to provide a comprehensive understanding of MPLS security and propose effective methods for safeguarding network infrastructure.

Cryptography and Security,Artificial Intelligence,Networking and Internet Architecture

Congxiao Bao,Xing Li,Xiaohan Liu,Yan Bao-ping

2014-01-01

Abstract:This document discusses the experiences of using Mapping of Address and Port (MAP). Network setup and testing results using MAP- Translation (MAP-T), MAP- Encapsulation (MAP-E) and mixed MAP-T/MAP-E are described in this document. Relationships among native IPv6, single translation, double translation, and encapsulation are also discussed.

Paschal C. Amusuo,Ricardo Andrés Calvo Méndez,Zhongwei Xu,Aravind Machiry,James C. Davis

2023-08-22

Abstract:Embedded Network Stacks (ENS) enable low-resource devices to communicate with the outside world, facilitating the development of the Internet of Things and Cyber-Physical Systems. Some defects in ENS are thus high-severity cybersecurity vulnerabilities: they are remotely triggerable and can impact the physical world. While prior research has shed light on the characteristics of defects in many classes of software systems, no study has described the properties of ENS defects nor identified a systematic technique to expose them. The most common automated approach to detecting ENS defects is feedback-driven randomized dynamic analysis ("fuzzing"), a costly and unpredictable technique. This paper provides the first systematic characterization of cybersecurity vulnerabilities in ENS. We analyzed 61 vulnerabilities across 6 open-source ENS. Most of these ENS defects are concentrated in the transport and network layers of the network stack, require reaching different states in the network protocol, and can be triggered by only 1-2 modifications to a single packet. We therefore propose a novel systematic testing framework that focuses on the transport and network layers, uses seeds that cover a network protocol's states, and systematically modifies packet fields. We evaluated this framework on 4 ENS and replicated 12 of the 14 reported IP/TCP/UDP vulnerabilities. On recent versions of these ENSs, it discovered 7 novel defects (6 assigned CVES) during a bounded systematic test that covered all protocol states and made up to 3 modifications per packet. We found defects in 3 of the 4 ENS we tested that had not been found by prior fuzzing research. Our results suggest that fuzzing should be deferred until after systematic testing is employed.

Software Engineering

Kim Jae-Dong

2024-10-17

Abstract:The rapid expansion of the Internet of Things (IoT) has revolutionized various domains, offering significant benefits through enhanced interconnectivity and data exchange. However, the security challenges associated with IoT networks have become increasingly prominent owing to their inherent vulnerability. This paper provides an in-depth analysis of the network layer in IoT architectures, highlighting the potential risks posed by routing attacks, such as blackholes, wormholes, sinkholes, Sybil, and selective forwarding attacks. This study explores the unique challenges posed by the constrained resources, heterogeneity, and dynamic topology of IoT networks, which complicate the implementation of robust security measures. Various countermeasures, including trust-based mechanisms, Intrusion Detection Systems (IDS), and routing protocols, are evaluated for their effectiveness in mitigating these threats. This study also emphasizes the importance of considering misbehavior observation, trust management, and lightweight defense strategies in the design of secure IoT networks. These findings contribute to the development of comprehensive defense mechanisms tailored to the specific challenges of IoT environments.

Cryptography and Security

Jacob Ginesin,Max von Hippel,Evan Defloor,Cristina Nita-Rotaru,Michael Tüxen

2024-03-09

Abstract:SCTP is a transport protocol offering features such as multi-homing, multi-streaming, and message-oriented delivery. Its two main implementations were subjected to conformance tests using the PacketDrill tool. Conformance testing is not exhaustive and a recent vulnerability (CVE-2021-3772) showed SCTP is not immune to attacks. Changes addressing the vulnerability were implemented, but the question remains whether other flaws might persist in the protocol design. We study the security of the SCTP design, taking a rigorous approach rooted in formal methods. We create a formal Promela model of SCTP, and define 10 properties capturing the essential protocol functionality based on its RFC specification and consultation with the lead RFC author. Then we show using the Spin model checker that our model satisfies these properties. We define 4 attacker models - Off-Path, where the attacker is an outsider that can spoof the port and IP of a peer; Evil-Server, where the attacker is a malicious peer; Replay, where an attacker can capture and replay, but not modify, packets; and On-Path, where the attacker controls the channel between peers. We modify an attack synthesis tool designed for transport protocols, Korg, to support our SCTP model and four attacker models. We synthesize 14 unique attacks using the attacker models - including the CVE vulnerability in the Off-Path attacker model, 4 attacks in the Evil-Server attacker model, an opportunistic ABORT attack in the Replay attacker model, and eight connection manipulation attacks in the On-Path attacker model. We show that the proposed patch eliminates the vulnerability and does not introduce new ones according to our model and protocol properties. Finally, we identify and analyze an ambiguity in the RFC, which we show can be interpreted insecurely. We propose an erratum and show that it eliminates the ambiguity.

Cryptography and Security

Chris Karlof,David Wagner

DOI: https://doi.org/10.1016/s1570-8705(03)00008-8

IF: 4.816

2003-09-01

Ad Hoc Networks

Abstract:We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks––sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks.

computer science, information systems,telecommunications

Jaydip Sen

DOI: https://doi.org/10.48550/arXiv.1101.2759

2011-01-14

Networking and Internet Architecture

Abstract:Wireless Sensor Networks (WSNs) are rapidly emerging as an important new area in wireless and mobile computing research. Applications of WSNs are numerous and growing, and range from indoor deployment scenarios in the home and office to outdoor deployment scenarios in adversary's territory in a tactical battleground (Akyildiz et al., 2002). For military environment, dispersal of WSNs into an adversary's territory enables the detection and tracking of enemy soldiers and vehicles. For home/office environments, indoor sensor networks offer the ability to monitor the health of the elderly and to detect intruders via a wireless home security system. In each of these scenarios, lives and livelihoods may depend on the timeliness and correctness of the sensor data obtained from dispersed sensor nodes. As a result, such WSNs must be secured to prevent an intruder from obstructing the delivery of correct sensor data and from forging sensor data. To address the latter problem, end-to-end data integrity checksums and post-processing of senor data can be used to identify forged sensor data (Estrin et al., 1999; Hu et al., 2003a; Ye et al., 2004). The focus of this chapter is on routing security in WSNs. Most of the currently existing routing protocols for WSNs make an optimization on the limited capabilities of the nodes and the application-specific nature of the network, but do not any the security aspects of the protocols. Although these protocols have not been designed with security as a goal, it is extremely important to analyze their security properties. When the defender has the liabilities of insecure wireless communication, limited node capabilities, and possible insider threats, and the adversaries can use powerful laptops with high energy and long range communication to attack the network, designing a secure routing protocol for WSNs is obviously a non-trivial task.

Qi Li,Mingwei Xu,Jianping Wu,Patrick P. C. Lee,Xingang Shi,Dah Ming Chiu,Yuan Yang

DOI: https://doi.org/10.1109/tnsm.2012.070512.110138

2012-01-01

IEEE Transactions on Network and Service Management

Abstract:Routing failures are common on the Internet and routing protocols can not always react fast enough to recover from them, which usually cause packet delivery failures. To address the problem, fast reroute solutions have been proposed to guarantee reroute path availability and to avoid high packet loss after network failures. However, existing solutions are often specific to single type of routing protocol. It is hard to deploy these solutions together to protect Internet routing including both intra- and inter-domain routing protocols because of their individual computational and storage complexity. Moreover, most of them can not provide effective protection for traffic over failed links, especially for the bi-directional traffic. In this paper, we propose a unified fast reroute solution for routing protection under network failures. Our solution leverages identifier based direct forwarding to guarantee the effectiveness of routing protection and supports incremental deployment. In particular, enhanced protection cycle (e-cycle) is proposed to construct rerouting paths and to provide node and link protection for both intra- and inter-domain routing protocols. We evaluate our solution by simulations, and the results show that the solution provides 100% failure coverage for all end-to-end routing paths with approximately two extra Forwarding Information Base (FIB) entries. Furthermore, we report an experimental evaluation of the proposed solution in operational networks. Our results show that the proposed solution effective provides failure recovery and does not introduce processing overhead to packet forwarding.

Quan Ren,Tao Hu,Jiangxing Wu,Yuxiang Hu,Lei He,Julong Lan

DOI: https://doi.org/10.1016/j.comnet.2021.108134

IF: 5.493

2021-01-01

Computer Networks

Abstract:SDN improves the flexibility and programmability of the network. However, malicious attacks caused by potential vulnerabilities and backdoors can easily lead to data and rule tampering in the network. To address this problem, this paper proposes an endogenous secure SDN network framework based on multipath resilient routing (MRR). MRR includes multipath comparing forwarding, multipath weighted forwarding, and multipath random forwarding. The framework ensures the correctness of flow rules and data content by dynamically comparing the consistency of multi-heterogeneous path data within a certain period, and multipath can also achieve load balance by weighted forwarding. In the MRR framework, we also present an intermediate information feedback mechanism based on encryption authentication and give a mathematical model to evaluate it. This mechanism can accurately identify and dynamically repair malicious switches. Simulation evaluation and prototype system test show that this framework can achieve high accuracy of flow transmission and high availability of system. At the same time, multipath comparing forwarding will bring some performance costs such as delay, bandwidth, and jitter at initial and attacking time. However, when the appropriate forwarding mode and reasonable period T are selected, the proportion of delay introduced by comparing and ruling can be less than 10%, and the average bandwidth of mixed forwarding is almost the same as traditional multipaths', such as we can guarantee 25% multipath comparing forwarding when the bandwidth requirement is 250 M in prototype system.

Li Qi,Xu Mingwei,Pan Lingtao,Cui Yong

DOI: https://doi.org/10.1007/978-3-540-79549-0_48

2008-01-01

Abstract:Recent routing failure accidents show that routing systems are not so stable as we estimated because most of accidents caused packet delivery failure in Internet. In order to resolve this problem, many fast reroute solutions are proposed to guarantee reroute path provision after network failures without high packet loss. However, most of these solutions are not deployed in practice, and some key issues still need further consideration, such as the route loop issue and the deployment cost issue. In this paper, we present state machine models to analyze how path protection works in self-healing routing solutions and identify the drawbacks in traditional path protection approaches. We identify several requirements of path protection approaches, and present principles of our path protection approach to protect Internet routing based on our analysis result. Furthermore, we conduct a detailed study to measure our proposed path protection approach in production networks and the study shows that availability and stability of routing systems is improved in real production networks.

Shicong Zhang,Chenhui Gu,Huanyu Zhou,Yisha Liu,Wanli Huo,Chunyan Fu,Zhaojuan Zhang

DOI: https://doi.org/10.1109/access.2024.3409160

IF: 3.9

2024-01-01

IEEE Access

Abstract:Security analysis of ad hoc routing protocols in an adversarial environment is a challenging task. The paper utilizes Event-B to model and verify the Secure Routing Protocol (SRP), a secure on-demand source routing protocol. The expected goal of routing protocols is to find correct routes. Thus a generic definition for determining the correctness of discovered routes was proposed in the paper. The paper presents the system assumptions and system requirements that are required to be implemented in the model. The paper gradually introduces the dynamic network topology, the operations of secure source routing and various route disruption attacks into the model with the refinement mechanism of Event-B. As a result, the paper discovers some attacks against this protocol, which arise from the mobility of wireless networks and operations of malicious nodes. In particular, it is available to extend the model to include more route disruption attacks. The formalization provides reference to analyze other secure source routing protocols, such as Ariadne.

WANG Xiang-yu,YI Ping,DU Shang-xin

2011-01-01

Abstract:This article started from the introduction of the basic organization and structure of Wireless Mesh Network(WMN),and then presented the main routing attacks against WMN.Next the authors set up a test bed by taking the SR2 protocol under Click as a basis.Finally the authors studied and tested the vulnerability of the network to the black hole and flood attacks on the test bed,and purposed the detection mechanism and the method to control and exclude the malicious nodes out of the network.

MingWei Xu,Qi Li,Yuan Yang,MeiJia Hou,LingTao Pan

DOI: https://doi.org/10.1007/s11432-010-4177-4

2011-01-01

Science China Information Sciences

Abstract:Network failures occur frequently, and self-healing ability of existing routing protocols cannot guarantee fast route convergence under these failures without impacting packet forwarding. During routing convergence, network routes may be incorrect and even routing black holes and loops occur, which will result in extensive packet loss and thus influence network performance. To solve this problem, several improved routing solutions have been proposed. In this paper, we propose the concept and model of self-healing routing and analyze the key problems in current intra-domain and inter-domain self-healing routing protocols after briefly reviewing the characteristics of network failures. We classify the different self-healing solutions into two categories based on their design principles: routing restoration and routing protection, and systematically analyze these different typical solutions. Finally, we discuss several key issues in self-healing routing and propose a hybrid protection and restoration based routing scheme.