Labmeeting - 20150512 - New Secure Routing Method & Applications Facing MitM attacks
Download as PPTX, PDF0 likes206 views
This document proposes a new secure routing method using graph theory to route network traffic across multiple paths to mitigate man-in-the-middle attacks. It represents computer networks as graphs and develops an algorithm called pathFinder to choose secure path combinations based on criteria like safety, speed and buffer size. The method finds two paths between a source and destination with equal weight or calculates a ratio of traffic loads across two unequal weight paths to balance security and performance. A simulation confirmed the approach does not significantly impact router performance. Further optimization is needed to scale to larger networks and select only the most secure paths.
Labmeeting - 20150512 - New Secure Routing Method & Applications Facing MitM attacks
- 1. NTUST - Mobilizing Information Technology Lab NEW SECURE ROUTING METHOD & APPLICATIONS FACING MITM ATTACKS Next Generation Networks and Services (NGNS), 2014 Advisor:Jenq-Shiou Leu Student:Bing-Syuan Wang Date:2015/05/12 National Taiwan University of Science and Technology
- 2. NTUST - Mobilizing Information Technology Lab Outline • Introduction • Graph theory in computer network • Algorithm for pathfinder • Choice of a secure combination of paths to use • Conclusion 2
- 3. NTUST - Mobilizing Information Technology Lab Introduction • Majority of solutions proposed till now for security are located at User Application Level (Anti-Virus, Intrusion detector…). • Routing is the act of moving information across an Internetwork from a source to a destination. • Packet sniffing allows individuals to capture data as it is transmitted over a network. • MITM: Main-in-the-middle attack 3
- 4. NTUST - Mobilizing Information Technology Lab Introduction • Using Graph Theory • Choose from possible paths given by pathfinder algorithm, all combinations that meet a number of criteria such as safety, speed, buffer size, etc. 4
- 5. NTUST - Mobilizing Information Technology Lab Graph theory in computer network • 𝐺 = (𝑉, 𝐸) Where 𝑉 is the set of vertices and 𝐸 is the set of edges, formed by pairs of vertices. • In this condition every Graph could be represented as a simple Matrix called adjacency matrix. • The adjacency matrix of 𝐺 = (𝑉, 𝐸) is a 𝑛 × 𝑛 Matrix 𝐷 = (𝑑𝑖𝑗) where 𝑛 is the number of nodes in G, and 𝑑𝑖𝑗 represent the weight of each edge. 5
- 6. NTUST - Mobilizing Information Technology Lab Graph theory in computer network • Go from n1 to n6 we have: n1 → n2 → n3 → n6 • And n1 → n2 → n5 → n3 → n6 6
- 7. NTUST - Mobilizing Information Technology Lab Algorithm for pathFinder • Source = n0 • Destination = n2 7
- 8. NTUST - Mobilizing Information Technology Lab Algorithm for pathFinder • no impact is foreseen on Routers if the number of hops does not exceed 12 8
- 9. NTUST - Mobilizing Information Technology Lab Choice of a secure combination of paths to use • Source n0 and Destination n8 9
- 10. NTUST - Mobilizing Information Technology Lab Choice of a secure combination of paths to use • The best solution will be to have at minimum two paths (Pi & Pj) with same weight (wi = wj) and also using different intermediate nodes • OSPF: Open Shortest Path First • two paths with the same smallest total weight = 4 n0 → n4 → n8 = 4 n0 → n1 → n2 → n5 → n8 = 4 10
- 11. NTUST - Mobilizing Information Technology Lab Choice of a secure combination of paths to use • When such solution is not possible, then we can consider another option which is to look for two paths that satisfies the condition 𝑚𝑖 × 𝑤𝑖 = 𝑚𝑗 × 𝑤𝑗 • Again from past example we can consider the solution: n0 → n1 → n2 → n5 → n8 = 4 n0 → n3 → n6 → n4 → n7 → n8 = 8 • With: m1= 2 (2 messages on P1, load of 67%) w1 = 4 m2= 1 (1 messages on P2, load of 33%) w2 = 8 11
- 12. NTUST - Mobilizing Information Technology Lab Conclusion • Using Graph Theory, this paper developed a new way of routing that includes indirectly the notion of security, a simulation was done to confirm that this new method will not have any major impact on the router performance • This paper highlighted some conditions to be used in order to chose the most safer combination of paths. • Finally, Optimization is still needed in order to be able to handle more nodes in one AREA, and also to add the possibility to show only most secure paths in one algorithm. 12
Editor's Notes
- #4: or at most between Layer 4 and 7 like: Firewall (Access Control List), IPsec, Transport Layer Security …, when it is also possible to introduce security in the lower layers such as the network layer, where we have the famous router.