Vulnerabilities and Safeguards in Networks with QoS Support. Dr. Sonia Fahmy CS Dept., Purdue University. Goals. Study, classify and rank vulnerabilities in a QoS enabled network. Model the various possible attacks and determine their effect on QoS experimentally.
Vulnerabilities and Safeguards in Networks with QoS Support
Dr. Sonia Fahmy, CS Dept., Purdue University
Goals
• Study, classify and rank vulnerabilities in a QoS-enabled network.
• Model the various possible attacks and determine their effect on QoS experimentally.
• Design usable, easily deployable and configurable, adaptive/reactive safeguards for such attacks, and study the tradeoffs involved.
Proposed Research
• Study QoS, policy control and network security mechanisms in detail and formulate attacks possible in a QoS-enabled network.
• Study network simulation tools, model attacks and measure damage and performance loss.
• Implement the attacks on a QoS network test bed and evaluate damage and performance.
Proposed Research
• Propose recommendations for safeguards against attacks.
• Implement these safeguards both in simulated and actual networks.
  • Measure their performance.
  • Convert them to tools.
Possible Solutions
• Using trustable entities.
• Authentication mechanisms.
• Securing policy control.
• Constant monitoring of QoS provisioning.
• Proposing design changes to make QoS networks inherently secure.
Components of QoS
• Resource allocation
• Admission and policy control
• QoS-based routing
• Resource reservation
• Resource usage and provisioning
• Traffic shaping and policing
• Buffer management and scheduling
• Congestion control
• Traffic monitoring and feedback
QoS Categories
• Differentiated Services (DiffServ)
  • Classification at edges
  • Core only forwards
• Potential points of attack
  • DSCP field and services based on it
  • QoS negotiations across edge routers
  • PHB, PHB groups, EF, AF
Components of QoS
• Integrated Services
  • Best Effort Service
  • Controlled-Load Service: performance as good as in an unloaded datagram network; no quantitative assurances.
  • Guaranteed Service:
    • Firm bound on data throughput and delay.
    • Every element along the path must provide a delay bound.
    • Not always implementable, e.g., on shared Ethernet.
Policy Control
• COPS protocol
• PEPs and PDPs and their role
Network Security
• Denial of service
• Service overloading by flooding
• Compromising routers by altering routing strategies
• Exploiting flaws in software implementation
• Session hijacking
• Masquerading
• Information leakage
• Unauthorized resource usage (theft of service)
Security Issues
• Attack operations
  • Inject (I), Modify (M), Delay (Dl), Drop (Dr), Eavesdrop (E)
• Points of attack
  • Policy control mechanisms
  • Congestion control mechanisms
  • Resource configuration in routers
  • Resource usage in routers
Security Issues
• Vulnerabilities exploited
  • Design problems (e.g., DSCP uncovered, SYN flooding)
  • Implementation issues (poor software, buffer overflow)
  • Interoperability issues
  • Complementary protocols
Types of Security Breaches
• Theft of service (unauthorized use)
  • Modifying DSCP (M)
  • Injecting RSVP signaling messages (I)
  • Injecting malicious configuration (I)
• Denial of service
  • Compromising routers (Dr, Dl)
  • Re-marking packets (M)
  • Flooding (I)
Types of Security Breaches
• Information leakage
  • About QoS policies (E)
  • Data that goes through the QoS-enabled network (E)
• Session hijacking / masquerading
  • Seizing control of a session by injecting or maliciously modifying authentication packets (I and M)
Recommendations
• Building good policy mechanisms
• Securing PEPs such as edge routers and BBs (authentication)
• Encapsulation/encryption of important fields
• Performing QoS measurements
Tools
• Monitoring resource allocation
  • Monitoring signaling mechanisms
  • Monitoring QoS negotiations
  • Monitoring packet classifiers
• Monitoring resource usage
  • Monitoring bandwidth utilization
  • Monitoring re-marking of service levels
  • Monitoring routing strategies
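As an added illustration, not part of the deck, of the DSCP-based theft-of-service and re-marking breaches listed earlier and of the "monitoring re-marking of service levels" tool above: a small Python audit that compares the DSCP passed by a trusted edge and the DSCP observed in the core against a hypothetical SLA policy, flagging unauthorized code points (M), in-domain re-marking (M) and EF volume above budget (I). The prefixes, policy values and packet records are constructed for the example.

```python
import ipaddress
from collections import defaultdict
# DSCP code points (decimal) of the DiffServ PHBs the deck names.
EF, AF11, AF31, BE = 46, 10, 26, 0

# Hypothetical SLA: per customer prefix, the code points its traffic may
# carry and an EF byte budget per measurement window (constructed values).
POLICY = {
    "10.1.0.0/16": {"allowed": {EF, AF31, BE}, "ef_budget": 3000},
    "10.2.0.0/16": {"allowed": {AF11, BE}, "ef_budget": 0},
}

def customer_of(src):
    """Return the SLA prefix covering src, or None if unknown."""
    for prefix in POLICY:
        if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            return prefix
    return None

def audit(records):
    """records: (src, dscp_at_edge, dscp_in_core, size_bytes) tuples.
    Returns (kind, subject, detail) alerts for policy violations."""
    alerts, ef_bytes = [], defaultdict(int)
    for src, dscp_edge, dscp_core, size in records:
        cust = customer_of(src)
        if cust is None:
            alerts.append(("unknown-source", src, dscp_edge))
            continue
        # (M) a code point the edge classifier should have rewritten: theft of service.
        if dscp_edge not in POLICY[cust]["allowed"]:
            alerts.append(("unauthorized-dscp", src, dscp_edge))
        # (M) code point differs between edge and core: re-marked inside the domain.
        if dscp_core != dscp_edge:
            alerts.append(("remarked-in-core", src, (dscp_edge, dscp_core)))
        if dscp_core == EF:
            ef_bytes[cust] += size
    # (I) EF volume above the SLA budget: flooding of the premium class.
    for cust, total in ef_bytes.items():
        if total > POLICY[cust]["ef_budget"]:
            alerts.append(("ef-over-budget", cust, total))
    return alerts

# Constructed window: honest EF flow, one packet re-marked in the core,
# and a best-effort customer injecting EF markings.
SAMPLE = [
    ("10.1.0.5", EF, EF, 1500),
    ("10.1.0.5", EF, EF, 1500),
    ("10.1.0.5", AF31, BE, 1200),
    ("10.2.0.9", EF, EF, 1500),
]
```

Running `audit(SAMPLE)` yields one re-marking alert, one unauthorized-DSCP alert and one EF-over-budget alert for the second customer; in practice the edge and core records would come from the classifier and core monitoring points the Tools slide lists.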