Networking and Communication Engineering

K. Venkatesh Sharma ¹, K. Hanumantha Rao ¹, Vannoj Ravi Kumar ¹

Affiliations
1 Sri Indu College of Engineering and Technology, IN

Abstract

In sensor networks, an intruder (i.e., compromised node) identified and isolated in one place can be relocated and/or duplicated to other places to continue attacks; hence, detection and isolation of the same intruder or its clones may have to be conducted repeatedly, wasting scarce network resources. Therefore, once an intruder is identified, it should be known to all innocent nodes such that the intruder or its clones can be recognized when appearing elsewhere. However, secure, efficient and scalable sharing of intruder information remains a challenging and unsolved problem. To address this problem, we propose a three-tier framework, consisting of a verifiable intruder reporting (VIR) scheme, a quorum based caching (QBC) scheme  for efficiently propagating intruder reports to the whole network, and a collaborative Bloom Filter (CBF) scheme for handling intruder information locally. Extensive analysis and evaluations are also conducted to verify the efficiency and scalability of the proposed framework.

Keywords

Network Security, Routing Alogrithms Intruder Information Caches, Dedicated Membership Servers, IP Spoofing.

Full Text

     

Srikar ¹, K. Hanumantha Rao ², K. Venkatesh Sharma ³

Affiliations
1 Sri Indu College of Engineering & Technology, JNTU Hyderabad, IN
2 JNTU Hyderabad, IN
3 CSE Dept. at Sri Indu College of Engineering & Technology, IN

Abstract

The Distributed Denial-of-Service (DDoS) attack is a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the ability of attackers to forge or spoof the source addresses in IP packets. By employing IP spoofing, attackers can evade detection and put a substantial burden on the destination network for policing attack packets. In this paper, we propose an interdomain packet filter (IDPF) architecture that can mitigate the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information. IDPFs are constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers. We establish the conditions under which the IDPF framework correctly works in that it does not discard packets with valid source addresses. Based on extensive simulation studies, we show that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack packet to a small number of candidate networks.

Keywords

IP Spoofing, DDoS, BGP, Network-Level Security and Protection, Routing Protocols.

Full Text

     

K. Venkatesh Sharma ¹, K. Hanumantha Rao ², B. Satish Kumar ³

Affiliations
1 CSE Dept. at Sri Indu College of Engineering & Technology, IN
2 Nagarjuna University, Guntur, IN
3 Sri Indu College of Engineering & Technology, JNTU Hyderabad, IN

Abstract

Security has become one of the major issues for data communication over wired and wireless networks. Different from the past work on the designs of cryptography algorithms and system infrastructures, we will propose a dynamic routing algorithm that could randomize delivery paths for data transmission. The algorithm is easy to implement and compatible with popular routing protocols, such as the Routing Information Protocol in wired networks and Destination-Sequenced Distance Vector protocol in wireless networks ,without introducing extra control messages. An analytic study on the proposed algorithm is presented, and a series of simulation experiments are conducted to verify the analytic results and to show the capability of the proposed algorithm.

Keywords

Security-Enhanced Data Transmission, Dynamic Routing, RIP, DSDV.

Full Text

     

K. Venkatesh Sharma ¹, K. Hanumantha Rao ², K. Ramu ³

Affiliations
1 CSE Dept. at Sri Indu College of Engineering & Technology, IN
2 Nagarjuna University,Guntur, IN
3 Sri Indu College of Engineering & Technology, JNTU Hyderabad, IN

Abstract

Server less distributed computing has received significant attention from both the industry and the research community. Among the most popular applications are the wide-area network file systems, exemplified by CFS, Far site, and Ocean Store. These file systems store files on a large collection of entrusted nodes that form an overlay network. They use cryptographic techniques to maintain file confidentiality and integrity from malicious nodes. Unfortunately, cryptographic techniques cannot protect a file holder from a denial-of-service (DoS) attack or a host compromise attack. Hence, most of these distributed file systems are vulnerable to targeted file attacks, wherein an adversary attempts to attack a small (chosen) set of files by attacking the nodes that host them. This paper presents Location Guard—a location hiding technique for securing overlay file storage systems from targeted file attacks. Location Guard has three essential components: 1) location key, consisting of a random bit string (e.g., 128 bits) that serves as the key to the location of a file, 2) routing guard, a secure algorithm that protects accesses to a file in the overlay network given its location key such that neither its key nor its location is revealed to an adversary, and 3) a set of location inference guards, which refer to an extensible component of the Location Guard. Our experimental results quantify the overhead of employing Location Guard and demonstrate its effectiveness against DoS attacks, host compromise attacks, and various location inference attacks.

Keywords

File Systems, Overlay Networks, Denial-Of-Service Attacks, Performance and Scalability, Location Hiding.

Full Text