Bradley R. Smith

Securing distance-vector routing protocols

We analyze the security requirements of distance-vector routing protocols, identify their vulnerabilities, and propose countermeasures to these vulnerabilities. The innovation we propose involves the use of mechanisms from the path-finding class of distance-vector protocols as a solution to the security problems of distance-vector protocols. The result is a proposal that effectively and efficiently secures distance-vector protocols in constant space.

Securing the border gateway routing protocol

We analyze the security of the border gateway routing protocol and identify a number of vulnerabilities in its design and the corresponding threats. We then present a set of proposed modifications to the protocol which minimize or eliminate the most significant threats. The innovation we introduce is the protection of the second-to-last information contained in the autonomous path attributes by the digital signatures, and the use of techniques developed for detecting loops in path-finding protocols to verify the selected routes path information. With these techniques we are able to secure full path information in near constant space, and avoid the recursive protection mechanisms previously assumed necessary.

The Cancer Genomics Hub (CGHub): overcoming cancer through the power of torrential data

The Cancer Genomics Hub (CGHub) is the online repository of the sequencing programs of the National Cancer Institute (NCI), including The Cancer Genomics Atlas (TCGA), the Cancer Cell Line Encyclopedia (CCLE) and the Therapeutically Applicable Research to Generate Effective Treatments (TARGET) projects, with data from 25 different types of cancer. The CGHub currently contains >1.4 PB of data, has grown at an average rate of 50 TB a month and serves >100 TB per week. The architecture of CGHub is designed to support bulk searching and downloading through a Web-accessible application programming interface, enforce patient genome confidentiality in data storage and transmission and optimize for efficiency in access and transfer. In this article, we describe the design of these three components, present performance results for our transfer protocol, GeneTorrent, and finally report on the growth of the system in terms of data stored and transferred, including estimated limits on the current architecture. Our experienced-based estimates suggest that centralizing storage and computational resources is more efficient than wide distribution across many satellite labs. Database URL: https://cghub.ucsc.edu

Efficient security mechanisms for the border gateway routing protocol

We analyze the security of the BGP routing protocol and identify a number of vulnerabilities in its design and the corresponding threats. We then present modifications to the protocol that minimize or eliminate the most significant threats. The innovation we introduce is the protection of the second-to-last hop information contained in the AS_PATH attributes by digital signatures, and the use of this predecessor information to verify the path of the selected route. With these techniques, we are able to secure complete path information in near constant space, avoiding the recursive protection mechanisms proposed for BGP in the past.

Thinking Quickly: Agents for Modeling Air Warfare

Within Air Operations Division of DSTO intelligent agents are used to model the tactical decision making processes of pilots and fighter-controllers involved in air combat. One of the largest hurdles to be overcome by software engineers and analysts, when developing simulations of the air defence environment, is the acquisition of domain knowledge. Primarily the source of this knowledge is the pilots and other operational personnel, whose availability is limited and who have little experience with the design or development of simulation software. The adoption of agent oriented technologies has realized a number of significant benefits. High amongst these is the ability for operational air force personnel to become actively involved in the modification, design and development of these simulations. This involvement has dramatically reduced the time taken to prototype, test, and commission software and has resulted in simulations that have the confidence of the RAAF.

An end-to-end solution for secure and survivable routing in MANETs

We present a new approach to secure routing in MANETs and argue that the same approach can lead to more reliable routing in the face of node and link failure. Prior solutions to security in networks is inapplicable to routing in MANETs because of node mobility and the relative scarcity of bandwidth. Furthermore, path discovery does not necessarily translate into data delivery. We argue that secure routing in MANETs must be based on the end-to-end verification of physical-path characteristics aided by the exploitation of path diversity to find secure paths. We apply this approach to the design of the Secure Routing through Diversity and Verification (SRDV) protocol, a secure routing protocol that we show to be as efficient as unsecured on-demand or proactive routing approaches in the absence of attacks and capable of defending against a variety of attacks. Redundancy, through diversity, not only can be used to provide security, but it is also crucial to the survivability of the network thus establishing an insightful link between security and survivability of the network.

SCORPION: a heterogeneous wireless networking testbed

During the last decade, the success and popularity of wireless standards such as IEEE 802.11 have drawn the attention of the research community to wireless networks. A great amount of effort has been invested into research in this area, most of which relies heavily on simulation and analysis techniques. However, simulations do not precisely control hardware interrupts, packet timing and real physical and MAC layer behaviors. As a result, simulation results need to be validated by real implementations, which is evident by the change in focus of research activities increasingly moving towards real implementations, including the deployment of testbeds as a main tool to analyze network protocol functionality. Under this context, we present an overview of SCORPION (Santa Cruz mObile Radio Platform for Indoor and Outdoor Networks), a heterogeneous wireless networking testbed that includes a variety of nodes ranging from ground vehicles to autonomous aerial vehicles. The purpose of SCORPION to is to deploy and investigate nascent networking protocols using a variety of mobile platforms utilizing structured as well as unstructured mobility patterns.

Efficient policy-based routing without virtual circuits

The inclusion of multiple metrics in a routing computation is called policy-based routing. Previous work on solutions to this problem have focused on virtual-circuit-based solutions, and have resulted in computationally expensive algorithms. This paper presents a number of advances in the provision of policy-based routing services in networks and internetworks. An integrated policy-based routing architecture is formulated where the general problem is decomposed into a traffic engineering problem of computing routes in the context of administrative traffic constraints, and a quality-of-service (QoS) problem of computing routes in the context of performance-related path constraints. A family of routing algorithms are presented for computing routes in the context of these constraints which achieve new levels of computational efficiency. Lastly, a forwarding architecture is presented that efficiently supports hop-by-hop forwarding in the context of multiple paths to each destination, which is required for policy-based routing.

Practical multipath load balancing with QoS

The Internet is based on a single-path communications model. This model imposes significant constraints on the ability of the Internet to satisfy the quality-of-service requirements of network applications, and results in significant inefficiencies in the use of network resources that are manifested as congestion. The result has been the need to over-provision Internet-based systems to meet the basic needs of modern communications. With the adoption of the Internet as the converged communication infrastructure for the 21st century, this is clearly not an acceptable long-term solution. One approach that has been identified to address these limitations is to enhance the Internet routing architecture to support multiple paths between a given source and destination. Significant research has been done into multi-path solutions for QoS and congestion, however a comprehensive solution for both QoS and congestion that is compatible with the Internets datagram, hop-by-hop model of communication is still elusive. This paper reviews a solution presented in previous work, called Dominant Set Multipath Routing (DSMR), that addresses these requirements. The DSMR algorithm computes the best set of routes between each source and destination that provides the full range of performance available from the network. This set is used to route flows over paths that both meet the QoS requirements of the flow and minimize congestion in the network. Simulations are then presented which show the effectiveness of DSMR to provide 3 to 11 times the capacity of single-path routing while meeting QoS requirements and minimizing congestion.

An End-To-End Approach to Secure Routing in MANETs

SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks. 2010; 3:130–149 Published online 23 June 2009 in Wiley InterScience (www.interscience.wiley.com) DOI: 10.1002/sec.121 An end-to-end approach to secure routing in MANETs Stephen Dabideen 1∗,† , Bradley R. Smith 1 and J. J. Garcia-Luna-Aceves 1,2 Department of Computer Engineering University of California, 1156 High Street, Santa Cruz, CA 95064, U.S.A. Palo Alto Research Center (PARC), 3333 Coyote Hill Road, Palo Alto, CA 94304, U.S.A. Summary Providing secure routing in mobile ad hoc networks (MANETs) is far more difficult than establishing secure routing in wired networks or static wireless networks. Node mobility and the relative scarcity of bandwidth render prior solutions ineffective. Solutions based on securing link or path information do not work well in MANETs because the dynamic nature of links requires extensive use of flooding to establish effective countermeasures. On the other hand, solutions based on hop-by-hop exchanges of distance information are easily compromised. Instead of trying to secure the ordering of nodes, we argue that secure routing in MANETs must be based on the end-to-end verification of physical-path characteristics aided by the exploitation of path diversity to increase the probability of finding secure paths. We apply this approach to the design of the Secure Routing through Diversity and Verification (SRDV) protocol, a secure routing protocol that we show to be as efficient as unsecured on-demand or proactive routing approaches in the absence of attacks. We prove that the countermeasures used in SRDV can defend against a variety of known attacks to routing protocols, including attacks involving collusion, and the fabrication and modification of routing packets. We also show the effectiveness of the end-to-end mechanisms via simulations. Copyright