Abstract
In recent years, the world has been shocked by the increasing number of network attacks that take advantage of router vulnerabilities to perform data interceptions. Such attacks are generally based on low-cost, unidirectional, concealed mechanisms, and are very difficult to recognize, let alone restrain. This is especially so because the most affected parties – the users and Internet Service Providers (ISPs) – have very little control, if any, over router vulnerabilities. In this paper, we design, implement and evaluate a policy-based security system aimed at stopping such attacks in both the routing and switching network functions by detecting any violations of the set policies. We prove the system’s security completeness against data interception attacks. Based on simulations, we show that 100% of normal packets can pass through the policy-based system, and about 99.92% of intercepting ones would be caught. In addition, the performance of the proposed system is acceptable with regard to current TCP/IP networks.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhao, Y., Xu, K., Mijumbi, R., Shen, M. (2015). Design and Evaluation of a Policy-Based Security Routing and Switching System for Data Interception Attacks. In: Wang, Y., Xiong, H., Argamon, S., Li, X., Li, J. (eds) Big Data Computing and Communications. BigCom 2015. Lecture Notes in Computer Science, vol 9196. Springer, Cham. https://doi.org/10.1007/978-3-319-22047-5_15
DOI: https://doi.org/10.1007/978-3-319-22047-5_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22046-8
Online ISBN: 978-3-319-22047-5
eBook Packages: Computer Science, Computer Science (R0)