
Hardened Network


jayme

Presentation Transcript


  1. Hardened Network Implementation & Simulation

  2. Contents • HBGP • Implementation of HBGP • Simulation on SSFnet • Simulation Results • Future Work

  3. HBGP • A protocol used to propagate Hardened Network information • An extension to BGP4 • Hardened AS Path • Keeps the last and next Hardened Network information in the routing table

  4. Implementation of HBGP • GateD • Open-source routing protocol development platform • Models the operations of human-configurable routers

  5. Implementation of HBGP • Modifications to GateD • aspath_format • aspath_attr • BGP_send_update • BGP_receive_update • rt_add • rt_change • if_rtup • bgp_syn_rt_change

  6. Implementation of HBGP • Status: • Hardened Network information has been propagated correctly • Modification to the routing table has been finished and is under testing and debugging

  7. Simulation on SSFnet • SSFnet • Open-source Java/C++ Internet model and simulation • Protocols: IP, TCP, UDP, BGP4, OSPF, and others • Network elements: hosts, routers, links, LANs

  8. Simulation on SSFnet • Modification on SSFnet • BGP package • Constructing Hardened AS Path information • Parsing Hardened AS Path information • Routing table package • Inserting last and next Hardened ASes information • IP package • Retrieving last Hardened AS • Encrypting/decrypting • Gathering information

  9. Simulation on SSFnet • Controller • Analyzing information • Setting up the normal pattern • Detecting attack • Responding to abnormal behavior • Restoring the traffic

  10. Simulation Configuration

  11. Simulated Performance (RC4)

     TABLE 1. HARDEN-BACKBONE-ROUTER (RC4)

     | Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
     |---|---|---|---|
     | 3 routers | 0.0006648 | 0.0007016 | 0.0000368 |
     | 4 routers | 0.0009778 | 0.0010189 | 0.0000411 |
     | 5 routers | 0.0013423 | 0.0014050 | 0.0000627 |
     | 6 routers | 0.0017927 | 0.0018165 | 0.0000238 |
     | 7 routers | 0.0019900 | 0.0020223 | 0.0000323 |
     | 8 routers | 0.0022800 | 0.0023054 | 0.0000254 |
     | 9 routers | 0.0027856 | 0.0028272 | 0.0000416 |
     | 10 routers | 0.0033593 | 0.0033843 | 0.0000250 |

     TABLE 4. HARDEN-END-ROUTER (RC4)

     | Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
     |---|---|---|---|
     | 2 routers | 0.0005588 | 0.0006020 | 0.0000432 |
     | 3 routers | 0.0006250 | 0.0006712 | 0.0000462 |
     | 4 routers | 0.0009753 | 0.0010271 | 0.0000518 |
     | 5 routers | 0.0012139 | 0.0012572 | 0.0000433 |
     | 6 routers | 0.0017969 | 0.0018450 | 0.0000481 |
     | 7 routers | 0.0021466 | 0.0022015 | 0.0000549 |
     | 8 routers | 0.0023938 | 0.0024490 | 0.0000522 |
     | 9 routers | 0.0028109 | 0.0028760 | 0.0000651 |
     | 10 routers | 0.0033593 | 0.0034044 | 0.0000451 |

  12. Simulated Performance (BLOWFISH)

     TABLE 2. HARDEN-BACKBONE-ROUTER (BLOWFISH)

     | Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
     |---|---|---|---|
     | 3 routers | 0.0006648 | 0.0007900 | 0.0001252 |
     | 4 routers | 0.0009778 | 0.0011291 | 0.0001513 |
     | 5 routers | 0.0013423 | 0.0015043 | 0.0001620 |
     | 6 routers | 0.0017927 | 0.0019201 | 0.0001274 |
     | 7 routers | 0.0019900 | 0.0021080 | 0.0001180 |
     | 8 routers | 0.0022800 | 0.0023673 | 0.0000873 |
     | 9 routers | 0.0027856 | 0.0028893 | 0.0001037 |
     | 10 routers | 0.0033593 | 0.0034358 | 0.0000795 |

     TABLE 5. HARDEN-END-ROUTER (BLOWFISH)

     | Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
     |---|---|---|---|
     | 2 routers | 0.0005588 | 0.0006765 | 0.0001177 |
     | 3 routers | 0.0006250 | 0.0007553 | 0.0001303 |
     | 4 routers | 0.0009753 | 0.0010993 | 0.0001240 |
     | 5 routers | 0.0012139 | 0.0013801 | 0.0001662 |
     | 6 routers | 0.0017969 | 0.0019350 | 0.0001381 |
     | 7 routers | 0.0021466 | 0.0022806 | 0.0001340 |
     | 8 routers | 0.0023938 | 0.0025461 | 0.0001525 |
     | 9 routers | 0.0028109 | 0.0029600 | 0.0001491 |
     | 10 routers | 0.0033593 | 0.0035168 | 0.0001575 |

  13. Simulated Performance (DES)

     TABLE 3. HARDEN-BACKBONE-ROUTER (DES)

     | Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
     |---|---|---|---|
     | 3 routers | 0.0006648 | 0.0010609 | 0.0003957 |
     | 4 routers | 0.0009778 | 0.0013318 | 0.0003540 |
     | 5 routers | 0.0013423 | 0.0017127 | 0.0003704 |
     | 6 routers | 0.0017927 | 0.0020970 | 0.0003043 |
     | 7 routers | 0.0019900 | 0.0023300 | 0.0003400 |
     | 8 routers | 0.0022800 | 0.0026304 | 0.0003504 |
     | 9 routers | 0.0027856 | 0.0031015 | 0.0003159 |
     | 10 routers | 0.0033593 | 0.0035963 | 0.0002370 |

     TABLE 6. HARDEN-END-ROUTER (DES)

     | Routers | Normal Transp. Time (s) | Hardened Transp. Time (s) | Overhead (s) |
     |---|---|---|---|
     | 2 routers | 0.0005588 | 0.0009751 | 0.0004163 |
     | 3 routers | 0.0006250 | 0.0010139 | 0.0003889 |
     | 4 routers | 0.0009753 | 0.0012781 | 0.0003082 |
     | 5 routers | 0.0012139 | 0.0015882 | 0.0003743 |
     | 6 routers | 0.0017969 | 0.0021268 | 0.0003299 |
     | 7 routers | 0.0021466 | 0.0024905 | 0.0003439 |
     | 8 routers | 0.0023938 | 0.0027543 | 0.0003605 |
     | 9 routers | 0.0028109 | 0.0031698 | 0.0003589 |
     | 10 routers | 0.0033593 | 0.0037286 | 0.0003693 |

  14. Comparison of Performance Figure 7. Overhead Comparison of 8-router packets Figure 8. Overhead Comparison of 10-router packets

  15. Simulated Detection & Response • Hardened all the end routers • ICMP attack targeting the host in AS12 • Attackers are distributed over the three subnets

  16. Simulated Detection & Response Fig. 6 Traffic Pattern at Router at AS12

  17. Simulated Detection & Response • Hardened the core routers • ICMP attack targeting the host at AS12 • Attackers are also distributed over the three subnets

  18. Simulated Detection & Response Fig. 7 Traffic Pattern at Router 1 of AS1

  19. Future Work • Implementation • Hardened AS Controller • Key exchange • Encryption/Decryption in IP forwarding
