585 research outputs found
Architecture for Mobile Heterogeneous Multi Domain Networks
Multi domain networks can be used in several scenarios including military, enterprize networks, emergency networks and many other cases. In such networks, each domain might be under its own administration. Therefore, the cooperation among domains is conditioned by individual domain policies regarding sharing information, such as network topology, connectivity, mobility, security, various service availability and so on. We propose a new architecture for Heterogeneous Multi Domain (HMD) networks, in which one the operations are subject to specific domain policies. We propose a hierarchical architecture, with an infrastructure of gateways at highest-control level that enables policy based interconnection, mobility and other services among domains. Gateways are responsible for translation among different communication protocols, including routing, signalling, and security. Besides the architecture, we discuss in more details the mobility and adaptive capacity of services in HMD. We discuss the HMD scalability and other advantages compared to existing architectural and mobility solutions. Furthermore, we analyze the dynamic availability at the control level of the hierarchy
On Compact Routing for the Internet
While there exist compact routing schemes designed for grids, trees, and
Internet-like topologies that offer routing tables of sizes that scale
logarithmically with the network size, we demonstrate in this paper that in
view of recent results in compact routing research, such logarithmic scaling on
Internet-like topologies is fundamentally impossible in the presence of
topology dynamics or topology-independent (flat) addressing. We use analytic
arguments to show that the number of routing control messages per topology
change cannot scale better than linearly on Internet-like topologies. We also
employ simulations to confirm that logarithmic routing table size scaling gets
broken by topology-independent addressing, a cornerstone of popular
locator-identifier split proposals aiming at improving routing scaling in the
presence of network topology dynamics or host mobility. These pessimistic
findings lead us to the conclusion that a fundamental re-examination of
assumptions behind routing models and abstractions is needed in order to find a
routing architecture that would be able to scale ``indefinitely.''Comment: This is a significantly revised, journal version of cs/050802
Measuring and mitigating AS-level adversaries against Tor
The popularity of Tor as an anonymity system has made it a popular target for
a variety of attacks. We focus on traffic correlation attacks, which are no
longer solely in the realm of academic research with recent revelations about
the NSA and GCHQ actively working to implement them in practice.
Our first contribution is an empirical study that allows us to gain a high
fidelity snapshot of the threat of traffic correlation attacks in the wild. We
find that up to 40% of all circuits created by Tor are vulnerable to attacks by
traffic correlation from Autonomous System (AS)-level adversaries, 42% from
colluding AS-level adversaries, and 85% from state-level adversaries. In
addition, we find that in some regions (notably, China and Iran) there exist
many cases where over 95% of all possible circuits are vulnerable to
correlation attacks, emphasizing the need for AS-aware relay-selection.
To mitigate the threat of such attacks, we build Astoria--an AS-aware Tor
client. Astoria leverages recent developments in network measurement to perform
path-prediction and intelligent relay selection. Astoria reduces the number of
vulnerable circuits to 2% against AS-level adversaries, under 5% against
colluding AS-level adversaries, and 25% against state-level adversaries. In
addition, Astoria load balances across the Tor network so as to not overload
any set of relays.Comment: Appearing at NDSS 201
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and
policy-based decisions simultaneously in path vectors. A complete view on the
Internet backbone routing is given by the collection of all valid routes, which
is infeasible to obtain due to information hiding of BGP, the lack of
omnipresent collection points, and data complexity. Commonly, graph-based data
models are used to represent the Internet topology from a given set of BGP
routing tables but fall short of explaining policy contexts. As a consequence,
routing anomalies such as route leaks and interception attacks cannot be
explained with graphs.
In this paper, we use formal languages to represent the global routing system
in a rigorous model. Our CAIR framework translates BGP announcements into a
finite route language that allows for the incremental construction of minimal
route automata. CAIR preserves route diversity, is highly efficient, and
well-suited to monitor BGP path changes in real-time. We formally derive
implementable search patterns for route leaks and interception attacks. In
contrast to the state-of-the-art, we can detect these incidents. In practical
experiments, we analyze public BGP data over the last seven years
Revisiting Internet Adressing: Back to the Future!
IP prefixes undermine three goals of Internet routing: accurate reflection of network-layer reachability, secure routing messages, and effective traffic control. This paper presents Atomic IP (AIP), a simple change to Internet addressing (which in fact reverts to how addressing once worked), that allows Internet routing to achieve these goals
On the challenges of establishing disjoint QoS IP/MPLS paths across multiple domains
MPLS is being actively adopted as the core switching infrastructure at the intradomain level. This trend is mainly attributable to the undeniable potential of MPLS in terms of virtual private networks (VPNs) management, traffic engineering (TE), QoS delivery, path protection, and fast recovery from network failures. However, little progress has been made to attain the expected extension of MPLS label-switched paths (LSPs) across domain boundaries. Among the problems that remain unsolved is how to efficiently find and establish primary and protection interdomain LSPs for mission-critical services subject to QoS constraints. This article explores the major limitations hindering the deployment of these kinds of LSPs across multiple domains, in the context of the current interdomain network model. We describe the critical problems faced by the research community, and present our vision on how to rationally overcome some of the problems exposed. Our perspective is that we should be prepared for rather coarse-grained solutions as long as we need to coexist with the current interdomain network modelPostprint (published version
- …