University of Surrey


Secure and Robust Packet Forwarding for Next Generation IP Networks.

Tafreshi, Vahid Heydari Fami. (2015) Secure and Robust Packet Forwarding for Next Generation IP Networks. Doctoral thesis, University of Surrey (United Kingdom).

Available under License Creative Commons Attribution Non-commercial Share Alike.



Inter- and intra-domain adaptive routing protocols are required to propagate reachability information to locate other hosts, routers and contents amongst disparate parts of the Internet. Border Gateway Protocol (BGP), for instance, is the de facto inter-domain routing protocol operating amongst divergent Internet components known as Autonomous Systems (ASes). Nonetheless, the protocol can suffer from Byzantine failure, whereby a legitimate node simply misbehaves. While security should be a built-in element of any trustworthy forwarding design, it appears to be an arduous add-on process for BGP. This research addresses such vulnerabilities and can be summarised as follows:

1. A Detailed Survey on the BGP State-of-the-art Security Challenges and Solutions: these analyses proved that Byzantine failure remains the inherent deficiency here. Results also stressed that the potential solution should be an incrementally deployable remedy, involve minimum/standard crypto, be placed on a higher layer than BGP and not be optional.

2. Robust Modelling/Visual Analytics of BGP & its Security Vulnerabilities/Schemes: the experimental results from the emulated Cisco infrastructure evidenced that the magnitude of the adverse effect of accepting false or malicious reachability information depends directly on the location of the origin, and thus the Byzantine attacker's position in relation to the victim's location becomes determinative. The OPNET-based modelling visualised and validated that the richer the attacker is in interconnectivity, the larger the adversary's impact is. Additionally, the closer the attacker is to the victim, the higher the attack's success rate.

3. Analysis, Design, Implementation & Evaluation of a Novel Method for Byzantine Robust BGP: from studying the hierarchical structure and the power-law structure properties of the Internet, in addition to the thorough OPNET-based analyses, the Localised Overlay Management Plane (LOMP) was proposed. LOMP demonstrates that having only a few security-conscious ASes, placed over particular vantage points, can add Byzantine robustness to BGP to a large extent. This research then realised the LOMP architecture based on Cisco infrastructure and evaluated the deployment critically in terms of the added overhead and protocol message signalling.

4. Analysing the "Trust" in the Future Internet (FI) Forwarding Plane Proposals: two promising FI proposals are analysed as a final contribution, namely CURLING, an information-centric networking approach for accessing contents at the Internet scale, and OpenFlow, the most commonly deployed software-defined networking technology. With the former, five distinct attack scenarios for hijacking contents are revealed and addressed through our synthesis design proposal. With the latter, this research integrates the forwarding of IPsec flows into the OpenFlow architecture in order to facilitate secure group communication based on a novel method.

Item Type: Thesis (Doctoral)
Divisions : Theses
Authors : Tafreshi, Vahid Heydari Fami.
Date : 2015
Additional Information : Thesis (Ph.D.)--University of Surrey (United Kingdom), 2015.
Depositing User : EPrints Services
Date Deposited : 14 May 2020 14:27
Last Modified : 14 May 2020 14:32


© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800