Title: ISP Self-Operated BGP Anomaly Detection Based on Weakly Supervised Learning
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651957 (https://doi.org/10.1109/ICNP52444.2021.9651957)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Yutao Dong, Qing Li, R. Sinnott, Yong Jiang, Shutao Xia
The Border Gateway Protocol (BGP) is arguably the most important and irreplaceable protocol in the network. However, the lack of routing authentication and validation makes it vulnerable to attacks, including routing leaks, route hijacking, prefix hijacking, etc. Therefore, in this paper we propose a generalized framework for ISP self-operated BGP anomaly detection based on weakly supervised learning. To tackle the problem of insufficient data in BGP anomaly detection, we propose an approach to learn from the other anomaly detection systems through knowledge distillation. To reduce the impact of inaccurate supervision, we design a self-attention-based Long Short-Term Memory (LSTM) model to self-adaptively mine the differences between BGP anomaly categories, including both feature and time dimensions. Finally, we implement a system and demonstrate the performance through a set of comprehensive experiments. Compared with the state-of-the-art schemes, our scheme has better generalization on various anomaly types.
Title: Speeding Up TCP with Selective Loss Prevention
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651983 (https://doi.org/10.1109/ICNP52444.2021.9651983)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Zhenyu Zhou, Xiaowei Yang
Low latency is an important design goal for reliable data transmission protocols such as TCP and QUIC. However, timeout-based loss recovery can unnecessarily increase end-to-end latency. Previous work in reducing timeout-based loss recovery latency either duplicates every packet to avoid loss or focuses on fine-tuning the timeout timers to shorten the timeout latency without causing spurious packet retransmissions. In this work, we propose a new mechanism called Selective Loss Prevention (SLP) to reduce the loss recovery latency of a reliable transport protocol. Through extensive trace analysis, we find that not all lost packets are equal. The loss of packets with certain flags, such as SYN and PSH, is more likely to cause timeouts than other packets. Based on this observation, we propose to selectively duplicate an "important" packet whose loss is likely to increase a connection's latency. We design an algorithm to determine when to duplicate a lost packet proactively and incorporate it into TCP's congestion control algorithm so that duplicate packets will not congest the network. We incorporate SLP into Linux's kernel and evaluate its performance. Our results show that SLP can reduce timeout-based latency caused by the loss of important packets in a connection, and its overhead is low.
Title: Recycling Wasted Energy for Mobile Charging
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651967 (https://doi.org/10.1109/ICNP52444.2021.9651967)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Yu Sun, Chi Lin, Haipeng Dai, Pengfei Wang, Jiankang Ren, Lei Wang, Guowei Wu
The rapid popularization of wireless power transfer (WPT) technology promotes the wide adoption of wireless rechargeable sensor networks (WRSNs). Traditional methods only focus on how to optimize network performance, and most of them overlook the energy waste issue induced by WPT. In this paper, we explore the potential of recycling wasted energy when using WPT by means of freeloading. Specifically, with a slight modification on hardware, we expand the functionality of the mobile chargers (MCs), enabling them to harvest and recycle the WPT-induced wasted energy in the air to serve more sensors, which promotes energy efficiency. We model the problem, termed MEFree, as maximizing network energy efficiency by utilizing a limited number of freeloading MCs and scheduling their freeloading behaviors. Through jointly scheduling freeloading and charging tasks, the proposed scheme is able to solve the problem with a (1 − 1/e)/2 approximation ratio with a slightly relaxed budget. Extensive simulations are conducted and the corresponding numerical results show that our proposed scheme significantly improves network energy efficiency by at least 18.8% and outperforms baseline algorithms by 19.1% on average in various aspects. Our test-bed experiments further demonstrate the practicability of our scheme in actual scenes.
Title: Highway On-Ramp Merging for Mixed Traffic: Recent Advances and Future Trends
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651989 (https://doi.org/10.1109/ICNP52444.2021.9651989)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
S. A. Fernandez, M. A. M. Marinho, M. Vakilzadeh, A. Vinel
Due to the ability to support a wide range of applications and to involve infrastructure elements, connected and automated vehicle (CAV) technology has played an important role in the development of cooperative intelligent transport systems. Thus, with the available sensing system, CAVs can perceive the surrounding environment. Indeed, due to the involvement of CAVs, communication of vehicles to other related devices using vehicle-to-everything (V2X) communication plays critical roles. This paper summarizes the research and development trends when proposing driving models, with particular attention to highway on-ramp merging scenarios. The challenges and future research directions are also presented.
Title: Poster: Private Internet: A Global End-to-End Service Model
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651920 (https://doi.org/10.1109/ICNP52444.2021.9651920)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Souvik Das, K. Saraç
The public Internet is a network of autonomously owned and operated networks. Outdated peering policies and lack of end-to-end performance guarantees are causing its ossification, which has led large cloud and content providers to build their own global private backbone infrastructures. As much as these private backbones help eliminate public transit for content hosted across their networks, content hosted elsewhere is still carried over the public Internet. In this poster, we propose a model where these private backbone operators collaborate with the access networks of content providers and consumers to implement end-to-end network services with better performance characteristics than the public Internet. We call the resulting end-to-end service domain a "Private Internet".
Title: Federated Traffic Engineering with Supervised Learning in Multi-region Networks
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651918 (https://doi.org/10.1109/ICNP52444.2021.9651918)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Minghao Ye, Junjie Zhang, Zehua Guo, H. J. Chao
Network operators usually adopt Traffic Engineering (TE) to configure the routing in their networks to achieve good load balancing performance and high resource utilization. While centralized TE can effectively improve network performance with a global view of the network, distributed TE has been considered as an alternative to manage large-scale networks that are usually partitioned into multiple regions. However, it is challenging for distributed TE to reach a global optimal performance since each region can make its local routing decisions only based on partially observed network states. In this paper, we propose a novel distributed TE scheme called FedTe, which leverages supervised learning coupled with a collaborative approach to improve the overall load balancing performance for multi-region networks. FedTe learns from the global optimal routing strategy in a centralized offline manner and predicts the optimal distribution of cross-region traffic among different regions through distributed deployment in real time. The predicted cross-region traffic distribution is integrated with measured local traffic to construct each region's optimal regional traffic matrix, which is used to perform intra-region TE optimization. FedTe can also handle dynamic traffic variation and link failures with a 2-layer hierarchical graph neural network architecture. To validate the effectiveness of the proposed scheme, we evaluate FedTe with two real-world network topologies and a large-scale synthetic topology. Extensive evaluation results show that FedTe can achieve near-optimal load balancing performance and outperform state-of-the-art distributed TE approaches by up to 28.9% on average.
Title: Poster: Enabling Fast Forwarding in Hybrid Software-Defined Networks
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651943 (https://doi.org/10.1109/ICNP52444.2021.9651943)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Yijun Sun, Zehua Guo, Songshi Dou, Junjie Zhang, Changlin Li, Xiang Ouyang
The emerging Software-Defined Networking (SDN) technique brings new opportunities to improve network performance. Some SDN-enabled programmable switches are deployed in legacy networks, and thus legacy and programmable switches could coexist, generating hybrid SDNs. In this paper, we study the node upgrade for layer-2 hybrid SDN and propose Shortcutter to accelerate the transmission. Preliminary results show that the proposed Shortcutter can reduce the forwarding path's length by 7% on average, compared with baseline solutions.
Title: Poster: Data Collection for ML Classification of Encrypted Messaging Applications
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651948 (https://doi.org/10.1109/ICNP52444.2021.9651948)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Jason Hussey, Ethan Taylor, Kerri Stone, T. Camp
Network traffic classification is used to identify the nature of traffic on a network. Entities capable of monitoring network traffic use classification for all manner of reasons, including identification of mobile applications being used on the network. It is possible that the usage of encrypted messaging applications by users on these networks can be detected, betraying elements of their privacy. In this paper, we describe a system that leverages campus network resources to generate real-world data alongside a more curated dataset captured from Android application traffic. We also explore the ability of machine learning (ML) models to accurately classify traffic from these encrypted messaging applications. Understanding what is revealed from network data is important given that the use of these applications is meant to maximize privacy in the first place.
Title: ISRaft Consensus Algorithm for Autonomous Units
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651979 (https://doi.org/10.1109/ICNP52444.2021.9651979)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Linir Zamir, Aman Shaan, Mehrdad Nojoumian
Consensus protocols are a key feature in decentralized systems where multiple unreliable nodes operate, e.g., in Blockchain technologies with many worldwide applications such as supply chain management, cryptocurrencies and information sharing. ISRaft is a consensus protocol built upon Raft, a previously developed protocol that is used for replicated state machines when a group of nodes is required to achieve a consensus related to the state of the machine. This paper therefore proposes an alternative version of the ISRaft consensus protocol to allow communication among nodes in a secured fashion while maintaining the security features of the original ISRaft algorithm even in the presence of adversarial nodes. The proposed model utilizes a trust parameter to enforce cooperation, i.e., a trust value is assigned to each node to prevent malicious activities over time. This is a practical solution for autonomous units with resource-constrained devices where a regular encrypted communication method can negatively affect the system performance.
Title: STIP: A new model of trusted network
Pub Date : 2021-11-01  DOI: 10.1109/ICNP52444.2021.9651913 (https://doi.org/10.1109/ICNP52444.2021.9651913)
Venue: 2021 IEEE 29th International Conference on Network Protocols (ICNP)
Sara Bitan, Adi Molkho
We present STIP, a new model for Scalable Trusted IP networks, that are secure and resilient to cyber-attacks without impairing reliability. STIP addresses managed network use-cases including enterprise network authentication and authorization, and ISP use-cases, including trust based routing, and application aware networking. It can provide an enabling infrastructure that improves resilience to the painful BGP hijacking and distributed denial of service attacks. At the data plane, STIP consists of a trusted forwarding engine, that uses authenticated trust extensions to process traffic reliably. At the control and management plane STIP divides the network into trust domains that evaluate trustworthiness of devices in the domain, and distribute it securely using transitive trust. Our vision is Internet-wide STIP deployment. We present a migration process based on trust domains that can be used to gradually upgrade current IP networks to STIP.