Internet infrastructure security: a taxonomy

The pervasive and ubiquitous nature of the Internet, coupled with growing concerns about cyber terrorism, demands immediate solutions for securing the Internet infrastructure. So far, research in Internet security has primarily focused on securing the information rather than securing the infrastructure itself. Given the prevailing threat situation, there is a compelling need to develop architectures, algorithms, and protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. This article attempts to fulfill this important step by providing a taxonomy of security attacks, which are classified into four main categories: DNS hacking, routing table poisoning, packet mistreatment, and denial-of-service attacks. The article discusses the existing solutions for each of these categories, and also outlines a methodology for developing secure protocols.
