In this paper, we consider the problem of routing in an adversarial environment, where a sophisticated adversary has penetrated arbitrary parts of the routing infrastructure and attempts to disrupt routing. We present protocols that are able to route packets as long as at least one non-faulty path exists between the source and the destination. These protocols have low communication overhead, low processing requirements, low incremental cost, and fast fault detection. We also present extensions to the protocols that penalize adversarial routers by blocking their traffic.

The Border Gateway Protocol (BGP) determines how Internet traffic is routed throughout the entire world; malicious behavior by one or more BGP speakers could create serious security issues. Since the protocol depends on a speaker honestly reporting path information sent by previous speakers and involves a large number of independent speakers, the Secure BGP (S-BGP) approach uses public-key cryptography to ensure that a malicious speaker cannot fabricate this information. However, such public-key cryptography is expensive: S-BGP requires a digital signature operation on each announcement sent to each peer, and a linear (in the length of the path) number of verifications on each receipt. We use simulation of AS models derived from the Internet to evaluate the impact that the processing costs of cryptography have on BGP convergence time. As the size of these models grows, inherent memory requirements grow beyond what is normally available in serial computers, motivating us to use distributed memory cluster computers, just to hold the model state. We find that under heavy load the convergence time using ordinary S-BGP is significantly larger than BGP. We examine the impact of highly aggressive caching and pre-computation optimizations for S-BGP, and find that convergence time is much closer to BGP. However, these optimizations may be unrealistic, and are certainly expensive of memory. We consequently use the structure of BGP processing to design optimizations that reduce cryptographic overhead by amortizing the cost of private-key signatures over many messages. We call

We present two new approaches to improving the integrity of network broadcasts and multicasts with low storage and computation overhead. The first approach is a leapfrog linking protocol for securing the integrity of packets as they traverse a network during a broadcast, such as in the setup phase for link-state routing. This technique allows each router to gain confidence about the integrity of a packet before passing it on to the next router; hence, allows many integrity violations to be stopped immediately in their tracks. The second approach is a novel key predistribution scheme that we use in conjunction with a small number of hashed message authentication codes (HMACs), which allows end-to-end integrity checking as well as improved hop-by-hop integrity checking. Our schemes are suited to environments, such as in ad hoc and overlay networks, where routers can share only a small number of symmetric keys. Moreover, our protocols do not use encryption (which, of course, can be added as an optional security enhancement). Instead, security is based strictly on the use of one-way hash functions; hence, our algorithms are considerably faster than those based on traditional public-key signature schemes. This improvement in speed comes with only modest reductions in the security for broadcasting, as our schemes can tolerate small numbers of malicious routers, provided they don’t form significant cooperating coalitions. 1

The Border Gateway Protocol (BGP) determines how Internet traffic is routed throughout the entire world; malicious behavior by one or more BGP speakers could create serious security issues. Since the protocol depends on a speaker honestly reporting path information sent by previous speakers and involves a large number of independent speakers, the Secure BGP (S-BGP) approach uses public-key cryptography to ensure that a malicious speaker cannot fabricate this information. However, such public-key cryptography is expensive: S-BGP requires a digital signature operation on each announcement sent to each peer, and a linear (in the length of the path) number of verifications on each receipt. We use simulation of a 110 AS system derived from the Internet to evaluate the impact that the processing costs of cryptography have on BGP convergence time. We find that under heavy load the convergence time using ordinary S-BGP is nearly twice as large as under BGP. We examine the impact of highly aggressive caching and pre-computation optimizations for S-BGP, and find that convergence time is much closer to BGP. However, these optimizations may be unrealistic, and are certainly expensive of memory. We consequently use the structure of BGP processing to design optimizations that reduce cryptographic overhead by amortizing the cost of private-key signatures over many messages. We call this method Signature-Amortization (S-A). We find that S-A provides as good or better convergence times as the highly optimized S-BGP, but without the cost and complications of caching and pre-computation. It is possible therefore to minimize the impact route validation has on convergence, by being careful with signatures, rather than consumptive of memory.

The TCP/IP suite, the basis for today's Internet, lacks even the most basic mechanisms of authentication. As usage of the Internet increases, its scarcity of built-in security becomes more and more problematic. This paper describes serious attacks against IP control and management protocols with an accent on the ICMP protocol, as well as some of the well-known vulnerabilities of the inter-domain routing protocols. All the presented attacks have at least one common feature: they exploit intrinsic IP security flaws. The paper also discusses various solutions to these security breaches, including the use of IPsec, which currently offers cryptographic security services for the Internet infrastructure.

The Double Authentication (DA) scheme presented in [1] is designed to provide security against impersonation attack to link state routing protocol at a lower computational cost as compared to the existing schemes, such as, digital signature scheme [2]. In this paper, we present a key distribution scheme that can be used for generating and distributing keys to provide DA. This scheme leads to a storage complexity for each router that varies linearly with the number of routers in the network in the worst case (fully connected network with n nodes). Moreover, for router with four or less average number of links, the storage complexity falls below log 2 n. This scheme also increases the security robustness of DA as the subverted routers can collude only if they are neighbors. 1

In this paper, we consider the problem of routing in an adversarial environment, where a sophisticated adversary has penetrated arbitrary parts of the routing infrastructure and attempts to disrupt routing. We present protocols that are able to route packets as long as at least one non-faulty path exists between the source and the destination. These protocols have low communication overhead, low processing requirements, low incremental cost, and fast fault detection. We also present extensions to the protocols that penalize adversarial routers by blocking their traffic.

Flooding is an important tool in the routing operations of wireless ad hoc networks with applications to both topology/route discovery and data packet forwarding. We present two “guaranteed delivery ” flooding protocols. The protocols “guarantee ” successful delivery of packets from a source router to any non-faulty router in a network that is connected by at least one non-faulty path to the source router, even if the behavior of faulty routers and links is arbitrary and malicious. The first protocol is based on digital signatures. It improves earlier work by preventing the adversary from overwhelming a victim router with spurious digital signatures. The second protocol is based on the TESLA broadcast authentication protocol.

Abstract—Designing a routing protocol for large low-power and lossy networks (LLNs), consisting of thousands of constrained nodes and unreliable links, presents new challenges. The IPv6 Routing Protocol for Low-power and Lossy Networks (RPL), have been developed by the IETF ROLL Working Group as a preferred routing protocol to provide IPv6 routing functionality in LLNs. RPL provides path diversity by building and maintaining directed acyclic graphs (DAG) rooted at one (or more) gateway. However, an adversary that impersonates a gateway or has compromised one of the nodes close to the gateway can divert a large part of network traffic forward itself and/or exhaust the nodes ’ batteries. Therefore in RPL, special security care must be taken when the Destination Oriented Directed Acyclic Graph (DODAG) root is updating the Version Number by which reconstruction of the routing topology can be initiated. The same care also must be taken to prevent an internal attacker (compromised DODAG node) to publish decreased Rank value, which causes a large part of the DODAG to connect to the DODAG root via the attacker and give it the ability to eavesdrop a large part of the network traffic forward itself. Unfortunately, the currently available security services in RPL will not protect against a compromised internal node that can construct and disseminate fake messages. In this paper, a new security service is described that prevents any misbehaving node from illegitimately increasing the Version Number and compromise illegitimate decreased Rank values. I.

An ad hoc network comprises of few particular connections which collectively collaborate to assist other connections to converse with its associates with the assistance of direct wireless broadcasting. Routing issue in ad hoc broadcasting revised routing problem in a unfavorable situations taking into assumption a secure surrounding. A Node Centric Trust based Secure Dynamic Source Routing (NCTS-DSR) standard is recommended which is built on a imprudent line of attack named dynamic source routing (DSR).