130 research outputs found

    An Open Unified Addressing System for 6G Communication Networks

    With the rapid and continuous development of the Internet, it is foreseeable that current addressing schemes and fixed-length IP addresses will create further bottlenecks and limitations in realizing future 6G networking requirements, such as massive connections, resource-constrained communication, heterogeneous hyper-interconnections, and guaranteeing agreement-based services and KPIs. Moreover, the locator-based addressing semantic is unsuitable for mobile and content-oriented networks. Thus, this paper proposes the Open Unified Addressing (OUA) system, a novel, flexible, multi-semantic and hierarchical addressing architecture that better supports the flexibility and extensibility of the Internet protocol framework in the context of 6G communications. The OUA addresses several limitations in the current IP protocol and improves communication efficiency. According to the evaluation with two typical forwarding models, the results show that the OUA system has almost no impact on forwarding delay. Moreover, it can provide scalable addressing spaces and shorten the route convergence time.

    Analysis of Routing Worm Infection Rates on an IPv4 Network

    Malicious logic, specifically worms, has caused monetary expenditure problems to network users in the past. Worms like Slammer and Code Red have infected thousands of systems and brought the Internet to a standstill. This research examines the ability of the original Slammer worm, the Slammer-based routing worm proposed by Zou et al., and a new Single Slash Eight (SSE) routing worm proposed by this research to infect vulnerable systems within a given address space. This research investigates the Slammer worm's ability to generate uniform random IP addresses in a given address space. Finally, a comparison of the speed increase from computing systems available today versus those in use during the original Slammer release is performed. This research finds that both the Slammer-based routing worm and the SSE routing worm are faster than the original Slammer. The random number generator of the original Slammer worm does generate a statistically uniform distribution of addresses within the range under test. Further, this research shows that despite the previous research into the speed of worm propagation, there is a large void in testing worms on the systems available today that needs to be investigated. The speed of the computing systems that the worms operated on in the past was more than three times slower than today's systems. As the speed of computer systems continues to grow, the speed of worm propagation should increase with it, as their scan rates directly relate to their infection rate. As such, the immunity of the future IPv6 network from scanning worms may need to be reexamined.

    ROVER: a DNS-based method to detect and prevent IP hijacks

    Fall 2013. Includes bibliographical references. The Border Gateway Protocol (BGP) is critical to the global Internet infrastructure. Unfortunately, BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well-known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best-effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non-participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Internet-scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability.

    On the Analysis of the Internet from a Geographic and Economic Perspective via BGP Raw Data

    The Internet is nowadays an integral part of everyone's life, and will become even more important for future generations. Proof of that is the exponential growth of the number of people who are introduced to the network through mobile phones and smartphones and are connected 24/7. Most of them rely on the Internet even for common services, such as online personal bank accounts, or having a videoconference with a colleague living across the ocean. However, only a few people are aware of what happens to their data once sent from their own devices towards the Internet, and an even smaller number -- represented by an elite of researchers -- have an overview of the infrastructure of the real Internet. Researchers have attempted during the last years to discover details about the characteristics of the Internet in order to create a model on which it would be possible to identify and address possible weaknesses of the real network. Despite several efforts in this direction, currently no model is known to represent the Internet effectively, especially due to the lack of data and the excessively coarse granularity applied by the studies done to date. This thesis addresses both issues by considering the Internet as a graph whose nodes are represented by Autonomous Systems (AS) and whose edges are represented by logical connections between ASes. In the first instance, this thesis has the objective of providing new algorithms and heuristics for studying the Internet at a level of granularity considerably more relevant to reality, by introducing economic and geographical elements that actually limit the number of possible paths between the various ASes that data can take. Based on these heuristics, this thesis also provides an innovative methodology suitable to quantify the completeness of the available data and to identify which ASes should be involved in the BGP data collection process as feeders in order to get a complete and real view of the core of the Internet. Although the results of this methodology highlight that current BGP route collectors are not able to obtain data regarding the vast majority of the ASes that are part of the core of the Internet, the situation can still be improved by creating new services and incentives to attract the ASes identified by the previous methodology and introduce them as feeders of a BGP route collector.

    BGP Route Attestation: Design and Observation Using IPv6


    Technologies, routing policies and relationships between autonomous systems in inter-domain routing

    A deep exploration of the issues related to routing decisions in inter-domain routing is the scope of this thesis, through the analysis of the interconnection structure and the network hierarchy, the examination of the inter-domain routing protocol used to exchange network reachability information with other systems, the examination of the routing decision process between the entities according to their attributes and policies, the study of the topology generators of the AS relationships, reviewing the most interesting proposals in this area, describing why these issues are difficult to solve, and proposing solutions that allow a better understanding of the routing process and optimally solve the trade-off of implementing a Peering Engagement between two Autonomous Systems against the extra cost that this solution represents. More specifically, this thesis introduces a new scheme for the routing decision in a BGP speaker through a formalization of the routing decision process, and proposes a formulation of a real and exhaustive mathematical model of a Peering Engagement between Autonomous Systems, to be solved as a maximization problem with an ad-hoc built Decision Support System (XESS) able to find an optimal reduced set of solutions to the proposed problem.

    ABSTRACT [IT] (translated from Italian): An in-depth analysis of the issues related to routing decisions in inter-domain routing is the subject of this thesis, through the examination of the interconnection structure and the network hierarchy, the study of the protocol used in inter-domain routing to exchange reachability information with other systems, the analysis of the decision process between the entities involved in the exchange of that information according to their policies and attributes, the study of the synthetic topologies derived from the study of the relationships between ASes, through the research works in this area, the description of the problems and difficulties, and offering a contribution intended to provide a better understanding of the decision process in inter-domain routing and a solution for implementing a Peering process between Autonomous Systems. In particular, this thesis introduces a new model for the decision process in a BGP speaker through the formalization of the routing decision process, and proposes an exhaustive mathematical model of the mechanics of the Peering Engagement process between Autonomous Systems, to be analysed as a maximization problem and solved with a Decision Support System (XESS) built to find an optimal subset of solutions to the proposed mathematical problem.

    IP and ATM integration: A New paradigm in multi-service internetworking

    ATM is a widespread technology adopted by many to support advanced data communication, in particular efficient Internet service provision. The expected challenges of multimedia communication together with the increasing massive utilization of IP-based applications urgently require a redesign of networking solutions in terms of both new functionalities and enhanced performance. However, the networking context is affected by so many changes, and to some extent chaotic growth, that any approach based on a structured and complex top-down architecture is unlikely to be applicable. Instead, an approach based on finding the best match between realistic service requirements and the pragmatic, intelligent use of technical opportunities made available by the product market seems more appropriate. By following this approach, innovations and improvements can be introduced at different times, not necessarily complying with each other according to a coherent overall design. With the aim of pursuing feasible innovations in the different networking aspects, we look at both IP and ATM internetworking in order to investigate a few of the most crucial topics/issues related to the IP and ATM integration perspective. This research also addresses various means of internetworking the Internet Protocol (IP) and Asynchronous Transfer Mode (ATM) with the objective of identifying the best possible means of delivering Quality of Service (QoS) requirements for multi-service applications, exploiting the meritorious features that IP and ATM have to offer. Although IP and ATM have often been viewed as competitors, their complementary strengths and limitations form a natural alliance that combines the best aspects of both technologies. For instance, one limitation of ATM networks has been the relatively large gap between the speed of the network paths and the control operations needed to configure those data paths to meet changing user needs. IP's greatest strength, on the other hand, is its inherent flexibility and its capacity to adapt rapidly to changing conditions. These complementary strengths and limitations make it natural to combine IP with ATM to obtain the best that each has to offer. Over time many models and architectures have evolved for IP/ATM internetworking and they have impacted the fundamental thinking in internetworking IP and ATM. These technologies, architectures, models and implementations will be reviewed in greater detail in addressing possible issues in integrating these architectures in a multi-service, enterprise network. The objective is to make recommendations as to the best means of interworking the two, exploiting the salient features of one another to provide a faster, reliable, scalable, robust, QoS-aware network in the most economical manner. How IP will be carried over ATM when a commercial worldwide ATM network is deployed is not addressed, and the details of such a network still remain in too much of a state of flux to specify anything concrete. Our research findings culminated in a strong recommendation that the best model to adopt, in light of the impending integrated service requirements of future multi-service environments, is an ATM core with IP at the edges, to realize the best of both technologies in delivering QoS guarantees in a seamless manner to any node in the enterprise.

    Understanding Multiple Origin AS Conflicts

    Internet routing problems are often difficult to detect and diagnose because one address prefix can be originated by multiple ASes. There is, however, no comprehensive analysis of the causes of Multiple Origin AS (MOAS) conflicts. In this paper, we study the characteristics of MOAS conflicts and compare them with those from 10 years ago. We also provide an in-depth examination of four MOAS causes: IXP, anycast, false origin AS, and origin-AS transition. Furthermore, we propose two heuristics to identify MOAS conflicts caused by false origin ASes and origin-AS transitions. The findings from our study and the proposed heuristics can help us design effective mechanisms to distinguish legitimate MOAS conflicts from illegitimate ones, thus improving the reliability and security of Internet routing.

    Modular platform for detecting BGP routing attacks (original title: Plataforma modular para deteção de ataques de encaminhamento BGP)

    In order for Internet connectivity to be possible, routing protocols have been created to assist in this task. The global routing protocol in use is BGP, which uses the aggregation of several network prefixes into ASes to create a graph containing information regarding routes to all public network prefixes, leading to global connectivity. Despite serving its purpose, this protocol is based on blind trust between all the BGP peers and as such is left exposed to attacks. Since this protocol is responsible for global connectivity, an attack carried out on this protocol can have traffic re-routed from its normal path and right into the attackers' hands, who may then be able to read and/or alter the information contained in the traffic. Although security measures have been created for this protocol, they are not widely deployed, and, as such, most of the BGP devices' routing tables can still be compromised by a rogue BGP peer. ISPs have ways to detect these kinds of attacks and act upon them, but the users, such as private users or companies, are left at the mercy of their ISP's ability to detect such attacks and notify its clients. That being the case, this dissertation proposes a platform capable of monitoring networks in order to detect BGP routing attacks. The platform has been made as modular as possible, to facilitate changes and the addition of new methods to detect such anomalies, and it also implements two different methodologies for the detection of BGP routing anomalies. One of them is based on an already published paper, while the other one is proposed by the author of this dissertation. From data collection with the use of several probes to the analysis of said data to detect the anomalies, all of that will be presented and explained to demonstrate that the platform does indeed detect BGP routing attacks with an accuracy of over 90%. This platform can then help the users to defend themselves against such attacks, by providing information on when those are happening in near real time as well as allowing for the deployment of custom countermeasures, which can be set to activate when an alarm is raised, giving more control to the users and making them less reliant on their ISPs for information and action.

    ABSTRACT [PT] (translated from Portuguese): For Internet connectivity to be possible, routing protocols were created for that purpose. The global routing protocol in use is BGP, which uses the aggregation of several network prefixes into ASes in order to create a graph containing the information about the routes to the various public network prefixes, thus creating the conditions for global connectivity. Although it fulfils its purpose, this protocol is based on blind trust between BGP peers, which leaves it exposed to attacks. Since this protocol is responsible for global connectivity, an attack carried out through it can cause traffic to be diverted from its normal route and end up in the attacker's hands, giving them the possibility of reading and/or altering its content. Although security measures have already been proposed, they are not currently implemented on most devices that use this protocol, thus leaving them vulnerable to compromised devices, which may compromise their routing tables. ISPs (Internet service providers) have methodologies to detect this type of attack and act on it, but users, such as private individuals and/or companies, are left at the mercy of their ISPs' ability to detect such attacks and notify them. That being the case, this dissertation proposes a platform capable of monitoring the connectivity between networks in order to detect BGP routing attacks. This platform was built to be as modular as possible, so as to facilitate changing or adding new anomaly detection methods. In its current state the platform already integrates two methodologies. One of the methodologies is based on an already published paper, the other being proposed by the author of this dissertation. From data collection using several probes to its analysis in order to detect possible anomalies, all of this will be presented and explained to demonstrate that the proposed platform is indeed capable of detecting this type of attack in useful time, with a precision above 90%. This platform can then help users defend themselves against these attacks by providing information on when these attacks are occurring, in near real time, while also allowing users to employ countermeasures that will be triggered automatically by the platform, if enabled, thus offering users more control and less dependence on their ISPs. Master's degree in Computer and Telematics Engineering.

    Abstracting network policies

    Almost every human activity in recent years relies either directly or indirectly on the smooth and efficient operation of the Internet. The Internet is an interconnection of multiple autonomous networks that work based on policies agreed upon between various institutions across the world. The network policies guiding an institution's computer infrastructure both internally (such as firewall relationships) and externally (such as routing relationships) are developed by a diverse group of lawyers, accountants, network administrators and managers, amongst others. Network policies developed by this group of individuals are usually drawn up on a whiteboard in a graph-like format. It is, however, the responsibility of network administrators to translate and configure the various network policies that have been agreed upon. The configuration of these network policies is generally done on physical devices such as routers, domain name servers, firewalls and other middleboxes. The manual configuration process for such network policies is known to be tedious, time consuming and prone to human error, which can lead to various network anomalies in the configuration commands. In recent years, many research projects and corporate organisations have to some level abstracted the network management process with emphasis on network devices (such as Cisco VIRL) or individual network policies (such as Propane). [Continues.]