Issue No. 03 - July-September (2006 vol. 3)
ISSN: 1545-5971
pp: 230-244
Network routers occupy a unique role in modern distributed systems. They are responsible for cooperatively shuttling packets amongst themselves in order to provide the illusion of a network with universal point-to-point connectivity. However, this illusion is shattered—as are implicit assumptions of availability, confidentiality, or integrity—when network routers are subverted to act in a malicious fashion. By manipulating, diverting, or dropping packets arriving at a compromised router, an attacker can trivially mount denial-of-service, surveillance, or man-in-the-middle attacks on end host systems. Consequently, Internet routers have become a choice target for would-be attackers and thousands have been subverted to these ends. In this paper, we specify this problem of detecting routers with incorrect packet forwarding behavior and we explore the design space of protocols that implement such a detector. We further present a concrete protocol that is likely inexpensive enough for practical implementation at scale. Finally, we present a prototype system, called Fatih, that implements this approach on a PC router and describe our experiences with it. We show that Fatih is able to detect and isolate a range of malicious router actions with acceptable overhead and complexity. We believe our work is an important step in being able to tolerate attacks on key network infrastructure components.
Communication/networking and information technology, network-level security and protection, network protocols, routing protocols, fault tolerance.
Stefan Savage, Keith Marzullo, Alper Tugay Mizrak, Yu-Chung Cheng, "Detecting and Isolating Malicious Routers", IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 3, pp. 230-244, July-September 2006, doi:10.1109/TDSC.2006.34
