Stealth Probing: Efficient Data-Plane Security for IP Routing
Authors
Abstract
IP routing is notoriously vulnerable to accidental misconfiguration and malicious attack. Although secure routing protocols are an important defense, the data plane must be part of any complete solution. Existing proposals for secure (link-level) forwarding are heavy-weight, requiring cryptographic operations at each hop in a path. Instead, we propose a light-weight data-plane mechanism (called stealth probing) that monitors the availability of paths in a secure fashion, while enabling the management plane to home in on the location of adversaries by combining the results of probes from different vantage points (called Byzantine tomography). We illustrate how stealth probing and Byzantine tomography can be applied in today’s routing architecture, without requiring support from end hosts or internal routers.
Similar resources
A DELAY-EFFICIENT REROUTING SCHEME FOR VOICE OVER IP TRAFFIC By NARASINHA KAMAT A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE UNIVERSITY OF FLORIDA
of Thesis Presented to the Graduate School of the University of Florida in Partial Fulfillment of the Requirements for the Degree of Master of Science A DELAY-EFFICIENT REROUTING SCHEME FOR VOICE OVER IP TRAFFIC By Narasinha Kamat December 2002 Chair: Jonathan C. L. Liu Major Department: Computer and Information Science and Engineering Routing the packet flows through the network is a very impo...
On the Design of Next-Generation Routers and IP Networks
This thesis investigates distributed router architectures and IP networks with centralized control. While the current trend in IP-router architectures is towards decentralized design, there have also been research proposals for centralizing the control functions in IP networks. With continuous evolution of routers and IP networks, we believe that eventually IP networks in an autonomous system (...
IP Prefix Hijacking Detection Using Idle Scan
The Internet is comprised of a lot of interconnected networks communicating reachability information using BGP. Due to the design based on trust between networks, IP prefix hijacking can occur, which is caused by wrong routing information. This results in a serious security threat in the Internet routing system. In this paper, we present an effective and practical approach for detecting IP pre...
A novel IP-over-optical network interconnection model for the next-generation optical Internet
This work proposes a novel IP-over-optical network interconnection model that takes the best features from both the overlay and peer models while avoiding their limitations. Specifically, the proposed model utilizes an optical layer-based unified control plane that manages both routers and optical switches (analogous to the peer model), while still retaining the complete separation between the ...
IP/WDM Optical Network Testbed: Design and Implementation
This work presents the design and implementation of an optical transparent IP/WDM network testbed. The implemented software allows the characterization of the transport, control and management planes of the network. Furthermore, a graphic user network interface was developed for the client/management relation in the optical network. We adopted a centralized the control and management planes,...