55,180 research outputs found

    Analyzing BGP Instances in Maude

    Analyzing Border Gateway Protocol (BGP) instances is a crucial step in the design and implementation of safe BGP systems. Today, the analysis is a manual and tedious process. Researchers study the instances by manually constructing execution sequences, hoping to either identify an oscillation or show that the instance is safe by exhaustively examining all possible sequences. We propose to automate the analysis by using Maude, a tool based on rewriting logic. We have developed a library specifying a generalized path vector protocol, and methods to instantiate the library with customized routing policies. Protocols can be analyzed automatically by Maude, once users provide specifications of the network topology and routing policies. Using our Maude library, protocols or policies can be easily specified and checked for problems. To validate our approach, we performed safety analysis of well-known BGP instances and actual routing configurations.

    Design & Evaluation of Path-based Reputation System for MANET Routing

    Most of the existing reputation systems in mobile ad hoc networks (MANET) consider only node reputations when selecting routes. Reputation and trust are therefore generally ensured within a one-hop distance when routing decisions are made, which often fails to provide the most reliable, trusted route. In this report, we first summarize the background studies on the security of MANET. Then, we propose a system that is based on path reputation, which is computed from reputation and trust values of each and every node in the route. The use of path reputation greatly enhances the reliability of resulting routes. The detailed system architecture and components design of the proposed mechanism are carefully described on top of the AODV (Ad-hoc On-demand Distance Vector) routing protocol. We also evaluate the performance of the proposed system by simulating it on top of AODV. Simulation experiments show that the proposed scheme greatly improves network throughput in the midst of misbehaving nodes while requiring very limited message overhead. To our knowledge, this is the first path-based reputation system proposal that may be implemented on top of a non-source based routing scheme such as AODV.

    An Adaptive Policy Management Approach to BGP Convergence

    The Border Gateway Protocol (BGP) is the current inter-domain routing protocol used to exchange reachability information between Autonomous Systems (ASes) in the Internet. BGP supports policy-based routing which allows each AS to independently adopt a set of local policies that specify which routes it accepts and advertises from/to other networks, as well as which route it prefers when more than one route becomes available. However, independently chosen local policies may cause global conflicts, which result in protocol divergence. In this paper, we propose a new algorithm, called Adaptive Policy Management Scheme (APMS), to resolve policy conflicts in a distributed manner. Akin to distributed feedback control systems, each AS independently classifies the state of the network as either conflict-free or potentially-conflicting by observing its local history only (namely, route flaps). Based on the degree of measured conflicts (policy conflict-avoidance vs. -control mode), each AS dynamically adjusts its own path preferences—increasing its preference for observably stable paths over flapping paths. APMS also includes a mechanism to distinguish route flaps due to topology changes, so as not to confuse them with those due to policy conflicts. A correctness and convergence analysis of APMS based on the substability property of chosen paths is presented. Implementation in the SSF network simulator is performed, and simulation results for different performance metrics are presented. The metrics capture the dynamic performance (in terms of instantaneous throughput, delay, routing load, etc.) of APMS and other competing solutions, thus exposing the often neglected aspects of performance. National Science Foundation (ANI-0095988, EIA-0202067, ITR ANI-0205294

    Fuzzy based load and energy aware multipath routing for mobile ad hoc networks

    Routing is a challenging task in Mobile Ad hoc Networks (MANET) due to their dynamic topology and lack of central administration. As a consequence of unpredictable topology changes of such networks, routing protocols employed need to accurately capture the delay, load, available bandwidth and residual node energy at various locations of the network for effective energy and load balancing. This paper presents a fuzzy logic based scheme that ensures delay, load and energy aware routing to avoid congestion and minimise end-to-end delay in MANETs. In the proposed approach, forwarding delay, average load, available bandwidth and residual battery energy at a mobile node are given as inputs to a fuzzy inference engine to determine the traffic distribution possibility from that node based on the given fuzzy rules. Based on the output from the fuzzy system, traffic is distributed over fail-safe multiple routes to reduce the load at a congested node. Through simulation results, we show that our approach reduces end-to-end delay, packet drop and average energy consumption and increases packet delivery ratio for constant bit rate (CBR) traffic when compared with the popular Ad hoc On-demand Multipath Distance Vector (AOMDV) routing protocol.

    Lower Bounds for Symbolic Computation on Graphs: Strongly Connected Components, Liveness, Safety, and Diameter

    A model of computation that is widely used in the formal analysis of reactive systems is symbolic algorithms. In this model the access to the input graph is restricted to consist of symbolic operations, which are expensive in comparison to the standard RAM operations. We give lower bounds on the number of symbolic operations for basic graph problems such as the computation of the strongly connected components and of the approximate diameter as well as for fundamental problems in model checking such as safety, liveness, and co-liveness. Our lower bounds are linear in the number of vertices of the graph, even for constant-diameter graphs. For none of these problems lower bounds on the number of symbolic operations were known before. The lower bounds show an interesting separation of these problems from the reachability problem, which can be solved with $O(D)$ symbolic operations, where $D$ is the diameter of the graph. Additionally we present an approximation algorithm for the graph diameter which requires $\tilde{O}(n \sqrt{D})$ symbolic steps to achieve a $(1+\epsilon)$-approximation for any constant $\epsilon > 0$. This compares to $O(n \cdot D)$ symbolic steps for the (naive) exact algorithm and $O(D)$ symbolic steps for a 2-approximation. Finally we also give a refined analysis of the strongly connected components algorithms of Gentilini et al., showing that it uses an optimal number of symbolic steps that is proportional to the sum of the diameters of the strongly connected components.

    Alibi framework for identifying reactive jamming nodes in wireless LAN

    Reactive jamming nodes are the nodes of the network that get compromised and become the source of jamming attacks. They assume to know any shared secrets and protocols used in the networks. Thus, they can jam very effectively and are very stealthy. We propose a novel approach to identifying the reactive jamming nodes in wireless LAN (WLAN). We rely on the half-duplex nature of nodes: they cannot transmit and receive at the same time. Thus, if a compromised node jams a packet, it cannot guess the content of the jammed packet. More importantly, if an honest node receives a jammed packet, it can prove that it cannot be the one jamming the packet by showing the content of the packet. Such proofs of jammed packets are called "alibis" - the key concept of our approach. In this paper, we present an alibi framework to deal with reactive jamming nodes in WLAN. We propose a concept of alibi-safe topologies on which our proposed identification algorithms are proved to correctly identify the attackers. We further propose a realistic protocol to implement the identification algorithm. The protocol includes a BBC-based timing channel for information exchange under the jamming situation and a similarity hashing technique to reduce the storage and network overhead. The framework is evaluated in a realistic TOSSIM simulation where the simulation characteristics and parameters are based on real traces on our small-scale MICAz test-bed. The results show that in reasonably dense networks, the alibi framework can accurately identify both non-colluding and colluding reactive jamming nodes. Therefore, the alibi approach is a very promising approach to deal with reactive jamming nodes. Published or submitted for publication; not peer reviewed.