RAMD: Route Authentication and Misdirection Detection Protocol
The internet was originally designed to be trustworthy, reliable and extensible, while its infrastructure, mainly the routing mechanisms, was not constructed with security in mind. Moreover, routers are subject to malicious attacks that can harm individual users and hinder network operations. One of the subtle attacks is that a malicious router may collaborate in the control-plane and leave routing protocols operating properly to bypass the control-plane countermeasures and then targets the data-plane. Thus, it could forward packets to routes that are inconsistent with advertised ones in the control-plane, leading to so-called misdirection attack. In this paper, we focus on the misdirection attack launched in data-plane phase and propose lightweight, efficient and secure route authentication and misdirection detection (RAMD) protocol to authenticate the forwarding route before delivering data, and detect malicious routers that could misdirect traffic within autonomous systems that apply link-state routing protocols (e.g. OSPF). RAMD doesnt require cryptographic operations at data-plane phase and has little communication and computation overhead. Moreover, its able to detect and respond to both passive and active misdirection attacks. We believe our work is an important step in detecting and preventing misdirection attack.
misdirection attack malicious forwarding detecting malicious routers secure data forwarding
Rushdi Hamamreh Mohammad Odeh Mousa Farajallah
Computer Engineering .Al-Quds University Jerusalem, Palestine Info. Tech. and Communications Al-Quds Open University Hebron, Palestine College of Engineering and Tech.Palestine Polytechnic University Hebron, Palestine
国际会议
重庆
英文
1952-1958
2011-08-20(万方平台首次上网日期,不代表论文的发表时间)