Anirban Chakrabarti

Internet infrastructure security: a taxonomy

The pervasive and ubiquitous nature of the Internet coupled with growing concerns about cyber terrorism demand immediate solutions for securing the Internet infrastructure. So far, the research in Internet security primarily focused on. securing the information rather than securing the infrastructure itself. Given the prevailing threat situation, there is a compelling need to develop architectures, algorithms, and protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. This article attempts to fulfill this important step by providing a taxonomy of security attacks, which are classified into four main categories: DNS hacking, routing table poisoning, packet mistreatment, and denial-of-service attacks. The article discusses the existing solutions for each of these categories, and also outlines a methodology for developing secure protocols.

Reliability constrained routing in QoS networks

The issue of handling network failures is becoming increasingly important. In this paper, we address the problem of constrained routing by treating reliability as one of the QoS requirements. The problem is to create a feasible path from a given node to the destination such that the bandwidth and reliability requirements of the path are satisfied and the cost of the path is minimized (Reliability Constrained Least Cost Routing Problem). To solve the problem, we propose an approach which employs a novel concept, called partial protection, wherein backup paths are created for a selected set of domains in the network so as to meet the reliability constraints. The Partial Protection Approach (PPA) has two steps: Primary Path Creation and Backup Path Creation if necessary. To implement PPA, we propose three scalable two-pass resource reservation schemes, viz., Conservative, Optimistic, and Hybrid schemes. These schemes differ depending on whether the backup paths are created during the forward pass, reverse pass, or both. We evaluate the performance of the proposed schemes for dynamic multicast groups with different bandwidth and reliability requirements using average call acceptance rate and average tree cost as performance metrics. Our studies show that group dynamics and reliability requirements have significant impact on the performance of the schemes.

Differentially secure multicasting and its implementation methods

Though the areas of secure multicast group architecture, key distribution and sender authentication are under scrutiny, one topic that has not been explored is how to integrate these with multi-level security. Multi-level security is the ability to distinguish subjects according to classification levels, which determines to what degree they can access confidential objects. In the case of groups, this means that some members can exchange messages at a higher sensitivity level than others. The Bell-La Padula model [BL76] outlines the rules of these multi-level accesses. In multicast groups that employ multi-level security, some of these rules are not desirable so a modified set of rules is developed in this paper and is termed differential security. Also, this paper proposes three methods to set up a differentially secure multicast group: (i) [emailxa0protected]?ve approach, (ii) multiple tree differential security (DiffSec) approach, and (iii) single DiffSec tree approach. In order to evaluate the performances (in terms of the number of links used per packet transmitted) of these approaches, extensive simulation experiments were conducted by varying the network connectivity and group size for both uniform and non-uniform membership distribution across security levels. Our studies show that the multiple tree and single DiffSec tree approaches perform much better than the [emailxa0protected]?ve approach. While the multiple tree approach could be implemented using current technology, this scheme consumes many times more addresses and network resources than the single DiffSec tree approach. From our studies, we conclude that the single DiffSec tree is a viable option for supporting multi-level security as it maximizes the resource utilization and is also scalable.

A case for scalable multicast tree migration

The proliferation of QoS-aware group applications coupled with the limited availability of network resources demands efficient mechanisms to support QoS multicasting. During a life-cycle of a multicast session, three important events can occur: membership dynamics, network dynamics, and traffic dynamics. The first two are concerned with maintaining a good quality (cost) multicast tree taking into account dynamic join/leave of members, and changes in network topology due to link/node failures/additions, respectively. The third aspect is concerned with flow, congestion, and error control. There have been many solutions proposed for dealing with each of these issues. However, the issue of tree migration has not been addressed as part of these solutions. In this paper, we highlight the importance of tree migration as a mechanism for handling membership and network dynamics in core-based I multicasting, prove that it is NP-complete, and propose four heuristic algorithms for it. The proposed algorithms are evaluated under two performance metrics: service disruption and resource wastage. Our simulation studies show that two of the algorithms offer comparable performance to that of the other two, in addition to being highly scalable and easily implementable.

An efficient algorithm for malicious update detection & recovery in distance vector protocols

The Internet infrastructure security has been gaining importance in recent years due to growing concerns for cyberwarfare. Among different network threats, the routing table poisoning attack is the most devastating and least researched topic, which needs immediate research attention. In this paper, we develop a scalable algorithm for detecting and recovering from router attacks in distance vector routing protocols. The algorithm is able to detect and recover from malicious updates under certain well-defined conditions. We carry out extensive simulation studies to evaluate the proposed pivot based algorithm for inconsistency recovery (PAIR) for three performance metrics, viz. detection probability, recovery probability and malicious distance under different network and attack scenarios. Our studies show that the PAIR is extremely scalable and offers high detection and recovery capability.

An Efficient Probabilistic Packet Marking Scheme for IP Traceback

Denial of Service (DoS) attacks represent a major threat to the availability of Internet services. Identifying the sources of these attacks is considered an important step toward a DoS-free Internet. In this paper, we propose a new scheme, called Distributed Link-List Traceback, which combines the good features of probabilistic packet marking [6] and Hash-based traceback [9]. The main idea used in the scheme is to preserve the marking information at intermediate routers in such a way that it can be collected in an efficient manner. We evaluate the effectiveness of the proposed scheme for various performance metrics through combination of analytical and simulation studies. Our studies show that the proposed scheme requires small number of packets, adjustable amount of memory. At the same time, offers high attack source detection percentage.

A scalable method for router attack detection and location in link state routing

The routing table poisoning attack is one of the most devastating and least researched topic among Internet attacks, which needs immediate research attention. In this paper, we develop a scalable method for detecting router attacks and locating the malicious routers (within a small bounded set of nodes) in link state routing protocols. We carry out analytical and simulation studies to evaluate the proposed secure link state protocol (SLIP) for two performance metrics, viz. attack detection probability and fault detection time, under different network and attack scenarios. Our studies show that the SLIP offers a very high attack detection capability with a little degradation in fault detection time compared to the link state protocol.

A case for tree migration and integrated tree maintenance in QoS multicasting

The proliferation of QoS-aware group applications coupled with the limited availability of network resources demand for efficient mechanisms to support QoS multicasting. During a life-cycle of a multicast session, three important events can occur: membership dynamics, network dynamics, and traffic dynamics. The first two are concerned with maintaining a good quality (cost) multicast tree taking into account dynamic join/leave of members, and changes in network topology due to link/node failures/additions, respectively. The third aspect is concerned with flow, congestion, and error control. There has been many solutions proposed for dealing with each of these issues. However, the issue of tree migration has not been addressed as part of these solutions. In this paper, we highlight the importance of tree migration as a mechanism for handling membership and network dynamics in core-based multicasting, prove that it is NP-Complete, and propose four heuristic algorithms for it. The proposed algorithms are evaluated under two performance metrics: service disruption and resource wastage. Our simulation studies show that two of the algorithms offer comparable performance to that of the other two, in addition to being highly scalable and easily implementable. Moreover, we also propose an integrated approach for group management involving both local and global tree maintenance techniques.

A case for tree evolution in QoS multicasting

The continuous growth of group communications and QoS-aware applications over the Internet have accelerated the development of multicasting technologies. The Core-Based Tree (CBT) multicasting approach provides a scalable solution for large groups and for large networks, such as the Internet. However, unlike in shortest-path trees, the quality (tree cost) of the CBT may eventually degrade over time due to group dynamics (join/leave). In order to counteract this degradation, the core may be migrated and a new tree constructed. The method of migrating group members from the old core to the new core has a profound impact on the quality of the tree and also on the service disruption experienced by group members. Thus, there exists a trade-off between tree cost and service disruption as higher rate of migration decreases the overall tree cost but results in more service disruption. In this paper, we develop a new paradigm for tree migration, namely tree evolution. The proposed tree evolution model (Split-based Tree Evolution Protocol) provides an elegant solution that strikes a balance between service disruption and tree cost for highly dynamic groups. We propose two forms of evolution, viz. QoS-based and timer-based. We provide an analysis to estimate the evolution timer which determines the number of cores present in the group, and also compare and contrast the merits of tree evolution versus tree migration through extensive simulation studies. We also provide a soft state implementation of the evolution protocol which is an extension of the CBT soft state approach. Our simulation studies show that the proposed evolution model demonstrates excellent tree cost and service disruption for highly dynamic groups.

A Case for Mesh-Tree-Interaction in End System Multicasting

End System Multicasting (ESM) is fast becoming a feasible alternative to IP multicasting. ESM approaches can be broadly classified into two main categories: (i) Tree first approaches, where an overlay tree is constructed on the physical network, (ii) Mesh first approaches, where a mesh is constructed on the physical network and then a tree is created on the constructed mesh. In this paper, we propose a generic Mesh Tree Interaction (MTI) mechanism, which combines the management efficiency of the mesh first approaches and the performance benefits of the tree first approaches. To achieve this, MTI uses the concept of mesh and enables interactions between the mesh and the underlying multicast tree. Our simulation studies show that MTI results in significant improvement in the quality (average delay metric) of the multicast tree.