Survey of Techniques for Robust and Secure Communication
in Computer Networks
Maitreya Natu, University of Delaware (firstname.lastname@example.org)
Adarshpal Sethi, University of Delaware (email@example.com)
Richard Gopaul, U.S. Army Research Laboratory
Rommie Hardy, U.S. Army Research Laboratory (firstname.lastname@example.org)
Technical Report No. 2007/337
Department of Computer & Information Sciences
University of Delaware
Newark, DE 19716
Various approaches have been presented in the past for measurement of network
performance metrics to detect faults, performance bottlenecks, or malicious behavior.
These approaches can be broadly classified into control plane and data plan
Control plane approaches verify the operation of
ata plane approaches observe violations in the forwarding decisions
In a control plan
e attack, falsely issued rou
ting advertisements can manipulate other
routers' view of
network and disrupt network services [
]. Various attempts
have been made to solve this problem
including the development of
ensure that valid routing advertisements correctly identify the links between non
even these secure protocols
can not prevent
the spread of
information during a
attack. An example of such
] in which colluding nodes create
illusion that two remote regions of
MANET are directly connected through nodes that appear to be neighbors, but are
actually distant from one another. Th
e routing protocol, in t
his case, will propagate the
false wormhole link information allowing
attackers to attract traffic from other parts
of the network so it is routed through them and can subsequently be controlled, e. g., to
delay, damage, discard, or misroute packets. T
here have been a variety of efforts [
] to impart guarantees to existing routing protocols with
varying levels of cost and protection. These approaches are based on ensuring
authenticity of route updates and detecting inconsisten
cy between route updates.
* Prepared through collaborative participation in the Communications and Networks Consortium sponsored
by the U.S. Army Research Laboratory under the Collaborative Technology Alliance Program, Cooperative
0011. The U.S. Government is authorized to reproduce and distribute reprints
for Government purposes notwithstanding any copyright notation thereon.
Because routing protocols do not verify forwarding behavior, availability can still be
compromised even in
presence of secure routing protocols. This
presents opportunities for denial
of service, as well as
packet sniffing, modification
insertion. To mitigate the risk due to malicious forwarding, secure forwarding protocols
] have been proposed. Perlman
of reserved buffers, digital signatures
and source routing for robust routing.
researchers have proposed approaches to probe the path to test
consistency of the advertised
] compares TCP data and ACK packets to
end connectivity paths. [
] performs traffic monitoring at the
intermediate routers. [
] performs end
end probing using source routing and
authentication mechanisms. WATCHER
] proposes a distributed monitoring
approach based on the concept of conservation of flow. However, the WATCHERS
protocol has many limitations, many of which are documented by Hug
hes et al
]. Herzberg and Kutten in [
have proposed th
e combined use
acknowledgements, timeouts, and fault announcements to detect packet forwarding
faults. They present various protocols trading off the communication and time optimality.
, we present a survey of
against malicious attacks. In Section 2, we
secure the routing protocols.
Section 3 presents the work do
e in securing the data plane
passive monitoring and probing approaches.
a survey of work done in Active Networks.
potential directions for
future research and
in Section 5 we present our
2. Secure routing protocols:
Encryption to make data and control traffic indisti
was first suggested by
Perlman classifies network failures into simple and
Byzantine failures. In
case of a simple failure, a component simply becomes
inoperative, whereas in a Byzantine failure, a component becomes
faulty, and yet
continues to work (incorrectly). The routing protocols proposed by Perlman use reserved
buffers, together with digital signatures to ensure that a packet will not be dropped
because of congestion at a node by excessive traffic. Digital sig
natures authenticate the
source of each packet, and a buffer should be specifically allocated to accommodate a
packet from its intended source. The key idea is to use robust flooding to distribute link
state packets and the public keys of all nodes through
out the network. Robust data
routing is then accomplished by having end hosts construct digitally signed source routes
using the link
state information they have gathered. However
flooding on a global scale
is likely to be infeasible. Secondly
ach end host to do source routing would
ISP’s ability to engineer network traffic.
Perlman developed robust flooding, a method to deliver a packet to all good routers. This
requires a good path condition, which states that each pair of non
ty routers is
connected by at least one path of non
faulty routers. Robust floo
ding was designed to be
for public key distribution and broadcasting link state packets. Perlman also
developed a novel method for robust routing on top of a link state pro
tocol. In this
method, a source router first computes a route based on it
local database and then sends
a digitally signed route
setup packet along the chosen route. Each intermediate router on
the route verifies the signature and allocates the necessary
resources for the data packet.
If the source router receives an acknowledgment of route
setup from each of the
on the chosen route, then it sends the data packet. The destination
back another acknowledgment when it receive
s the data packet.
If the source
does not receive this acknowledgment for the data packet from the destination, then it
detects that the chosen route is not reliable and computes a new route.
Research has been done on securing link state [
and distance vector [
] routing protocols for wired networks. Researchers have
also addressed the security issues in OSPF [
] and BGP [
] address the intrusion detection problem for generic link state an
domain routing protocols in the Internet like BGP include no
mechanism for verifying either the authenticity or the accuracy of the distributed routing
traffic can be severely disrupted by routers
o serve their
advertised routes due to malfunction or malice. To solve this problem, s
have been proposed.
] requires routing information
to be authenticated. In particular, Secure BGP proposes use of publi
c key infrastructure
(PKI) and IPSec to enable a BGP speaker to validate the authenticity
and data integrity of
E messages that it receives and to verify the identity and authorization of
the senders. However
the overhead of authentication could
be large and prohibitive.
authentication can only ensure reliable identification of the information’s
origin. It does not solve the problem of identifying the faulty routing information com
from a compromised router. Ano
ther approach is propos
ed in the Router Arbiter
], where a central registry of plausibility information about routing
advertisements is maintained. This allows discarding
blatantly invalid routing
information, but it is still vulnerable to false rout
that a router
advertise but may not
a protection mechanism that uses cryptographic
BGP protocol (
) and data
packet flow monitors that verify
whether the routes obtained by
are operational (
cryptographic functions along with routing redundancy to detect bogus route
advertisements in the control plane.
the data plane and checks
whether the underlying routes to different destinations work. The general idea
to monitor TCP flows and to draw conclusions about the state of a route from this
Research has been done in securing distance vector routing protocols.
uses Message Authentication Codes
stand node compromise. Smith et al
analyzed security requirements of distance vector routing protocols.
vulnerabilities in these protocols and present
measures to protect rou
across the network.
They also proposed a protection mechanism based on the use of
predecessor information to protect routing updates from subverted routers. Zapata
] proposes SAODV as a security extension to AODV using
chain for each Route Discovery. A number of security protocols have
for RIP [
]. These protocols
packet integrity but are still
vulnerable to the case when a node
compromised. The use of asymmetric
aphy has been proposed by
but overhead of asymmetric signature verification poses a Denial of Service threat.
Symmetric primitives have been used by Cheung [
], Hauser et al
and Perrig et al
] for secure routing. [
Byzantine detection protocols that are based on efficient symmetric cryptographic
primitives and addresses the issues such as replay and denial of service protection.
] and Basagni et al
] have used shared keys to secure
As mentioned in [
], source authentication is more of a concern in routing than
fidentiality. Papadimitratos et al
] suggested disabling route caching and
thentication to prevent impersonatio
n and replay attacks. Dahill et al
] present security threats against ad hoc routing protocols, specifically
examining AODV [
] and DSR [
]. They propose a protocol,
Authenticated Routing for Ad hoc Netw
orks (ARAN), which provides
securing routing in the managed
open environment. It provides authentication and non
repudiation services using predetermined cryptogr
aphic certificates that guarantee
end authentication. In doing so, ARAN
limits or prevents attacks that can afflict other
Hu et al
have proposed various approaches [
] in securing routing
protocols. In [
] they propose a secure ad hoc network routing protocol based on the
design of Destin
Vector routing protocol (DSDV). SEAD uses
way hash functions instead of asymmetric cryptographic operations to create an
efficient, practical appro
ach. In their other work, Hu et al
have designed a secure on
demand routing protoc
ol for ad hoc networks, called Ariadne [
]. Ariadne uses end
end measures for security and Message Authentication Codes
SEAD unlike Ariadne operates on a hop
hop basis and uses elements from a one
hash chain for authenticat
] proposes a self
organized PKI suitable for mobile ad hoc networks.
] proposes securing OSPF with digital signatures.
Researchers have worked on providing an effective public key infrastructure in an ad
wireless environment. Huba
ux et al
] proposed a completely decentralized
key distribution system similar to the PGP (Pretty Good Privacy) public
cryptography software that has become the
standard for the encryption of
electronic mail and data [
rown et al
] showed how PGP is a
viable option for wireless constrained devices. [
] proposes the use of digital
signatures and shared key encryption to secure ad hoc routing protocols. Zhou and Haas
] use traditional security mechanisms,
such as authentication protocols, digital
ures, and encryption to secure
ad hoc networks. Besides that, they further take
advantage of redundancies in the network topology (i.e., multiple routes between nodes)
to achieve availability. They also propo
se another principle called distributio
n of trust.
Although no single
node is trustworthy in ad hoc network
s because of lo
security and availability, trust can be distributed to an aggregation of nodes. Assuming
nodes will be all compromised, consensus of at least t+1
nodes is trustworthy.
3. Securing the data plane:
IP routing is vulnerable to disruptions caused by malfunctioning or malicious attacks.
Although secure routing protocols are an important defense,
the data plane must be part
of any complete solution. The approaches to secure the data plane can be broadly
classified into two categories: passive monitoring and probing.
Passive monitoring does not produce additional traffic. Rather it listens to tra
transits through a particular point on a network. At its simplest, counts are made of
packets; in more sophisticated implementations, analysis is done by inspecting packet
headers. Passive measurements are mainly used to measure metrics pertainin
g to a certain
network element, e.g., at
point metrics such as link throughput, and packet size
statistics. Some passive monitoring schemes are presented in [
passive monitoring approach presented in [
] analyzes traffic at vario
us points in
the network. Inconsistency in ingress and egress traffic indicate
] detects dropping of packets, Fatih [
] also considers other types
of attacks like modification, substitution, reordering, and incorrect
forwarding of packets.
] propose an approa
ch where a subset of packets is
sampled by routers and these
packets are examined by an external engine.
Probing or active monitoring involves sending traffic onto a network to sample its
behavior. This traf
fic is sent in the form of probes which can vary from simple probes
such as pings to complex test transactions
. Probing is typically
used to obtain end
end statistics such as latency, loss, and route availability. The main
of probing is its invasive character. Probes may modify route conditions
and perturb the very traffic one is trying to monitor. To minimize these effects, probe
low average bandwidth are used.
Some examples of probing approaches are
e and stealthy probing. Secure t
] sends probing
packets to detect packet drop, modification
and incorrect forwarding of packets. Stealth
] sends probing packets through an encrypted channel with normal
packets taking ca
re to make probe packets indistinguishable from normal packets.
Below we look at both of these approaches in more detail. We also present a survey of
research done in the field of active networks as a possible defense tool to secure the data
3.1 Passive monitoring:
] propose a system to detect malicious routers
when packets do not follow their predicted paths. The system works
as part of
measurement platform using packet sampling. Differen
t subsets of packets are sampled
over different groups of routers to ensure that an attacker can not completely evade
detection. The sampled packets are
examined by an external measurement engine.
Bradley et al
in the WATCHERS [
] project exploi
e conservation of flow
to propose a protocol for detecting and avoiding routers that are dropping or
misrouting packets. The law of Conservation of Flow states that an input must either be
absorbed or sent on as an output (possibly with modif
ication). The conservation of flow
is tested by letting routers periodically count and report the number of bytes which enter
and leave their interfaces. This approach requires the presence of at least one good
neighbor to an adversarial router. [
eviews the WATCHERS protocol and
es several attacks that defeat the
protocol, followed with suggestions for
improvements to make the use of Conservation of Flow valid. Fatih [
other types of attacks including packet modification, su
reordering, by making routers compute hashes of packet content as well as ordering.
] uses a reliable traffic validation mechanism to build an anomalous
behavior detector for compromised routers. The paper pr
esents protocols where each
router collects traffic information over some agreed
upon time interval, and then uses
consensus to have other
routers agree upon traffic information. With
this information, each router agrees upon which routers
might be faulty.
], a technique for wireless ad
hoc networks is proposed to enable a node to
check if the neighboring node did in fact forward the packet onward without tampering
] proposes the use of promiscuous mode to make tru
sted nodes monitor
their neighbors. The strategy does not work well when a node is not able to listen to its
neighbor due to different modulations in multi
rate wireless networks. The method is also
vulnerable to collaborating adversaries. This technique m
akes a strong assumption that
nodes can hear the onward transmissions of their neighbors.
] proposes a light
plane mechanism called stealth probing to
monitor the availability of paths in a secure fashion. This approach ad
dresses threats that
arise when routers
compromised. Stealth probing creates an encrypted tunnel between
routers and diverts both the data and probe traffic into the tunnel. Since data and
probe traffic are indistinguishable, the adversary can
not drop the data packets without
dropping the probe packets as well, making it difficult to evade detection. Rather than
requiring ubiquitous deployment, stealth probing deployment can be need
protect critical traffic between selected edge networ
Secure traceroute [
] proposes another approach in which routers and
hosts adaptively detect poorly performing routers and use a secure traceroute
protocol to identify offending routers. The normal traceroute [
] involves the
der simply sending packets with increasing TTL values, and waiting for an ICMP
exceeded response from the node that receives the packet when the TTL expires.
Normally this generates addresses of the nodes on
path to the destination or up to the
int where packets are being dropped on a faulty link. However a mali
cious router could
alter the tra
ceroute traffic to give a misleading impression. For instance, a malicious
router can selectively allow only traceroute packets to go through while dropping
other traffic, or can
a fully functional path, or a path with problem
elsewhere. Secure traceroute can prevent such disruptions by verifying the origin of
responses, and preventing traceroute packets from being handled differently from
rdinary traffic. The key idea behind secure traceroute is to securely trace the path of
existing traffic, rather than special traceroute packets to prevent
treating the probe traffic and normal traffic differently. Secure traceroute respo
also authenticated, to verify their origin and prevent spoofing and tampering.
Work on IP traceback [
] solves a different problem related to
by secure traceroute. IP traceback determines which routers a specified subset
traverses. The information provided by the routers is trusted. This approach is used to
typically identify the attack traffic. Secure traceroute, on the other hand, is used to
traffic did in fact traverse a router.
t network protocols do not have the capability to detect the malicious packet
dropping attack. Link layer acknowledgment
, such as
IEEE 802.11 MAC
protocol, can detect link layer break, but can not detect forwarding level break. Upper
, such as TCP ACK
for detecting end
communication break, but they
can be inefficient. Also,
can not detect the failure
] presents a proactive distributed probing technique to detect and
mitigate malicious packet
dropping attack. In the proposed approach, every node pro
actively monitors the forwarding behavior of other nodes to detect if any of them fail to
perform the forwarding function. Probes are made indistinguishable from the data traffic
to prevent special
treatment of probe packets by the malicious nodes.
] outlines a technique to trace spoofed packets coming from DoS attackers back
to their actual source. The approach is based on mapping the paths from
victim to all
possible networks and then
working back through the tree, loading lines or router
observing changes in the rate of invading packets. The technique
elimination of all but a handful of networks that could be the source of the attacking
Kutten in [
have proposed the combined use
acknowledgements, timeouts, and fault announcements to detect packet forwarding
faults. They present various protocols trading off the communication and time optimality.
The protocols presented are in an
abstract model. Some of the issues involved in
realization of these protocols are addressed in
Byzantine detection protocol and switches between the
communication optimal and time optimal protocols b
ased on the degree of penetration of
the adversary in the network.
Secure forwarding protocols such as [
availability monitoring and secure fault localization at
link level. However, such
protocols lead to high overhea
d inappropriate for the general forwarding paradigm.
proposes protocols that are able to route packets as long as at least one non
faulty path exists between the source and the destination. The protocol uses source
routing, destination acknowledg
ments, timeouts, fault announcements, authentication,
reserved buffers, sequence numbers, and round
robin scheduling to provide Byz
robustness and detection
] proposes an on
demand routing protocol for ad hoc
wireless networks that provides r
esilience to Byzantine failures. It presents an adaptive
probing technique that detects a malicious link after log n faults have occurred, where n is
the path length. These links are then avoided by multiplicatively increasing their weights
and by using an
demand route discovery protocol that finds
least weight path to
the destination. While [
] proposes use of MACs and encryption, Nicephorus
] uses MACs and hashes for building Byzantine detection protocols.
3.3 Active networks:
networks integrated with probing techniques hold potential to provide effective
monitoring solutions. In the past [
], research has been done on active networks
to develop an architecture in which network nodes perform customized computations on
essages flowing through them. Two approaches to active networks have been
proposed, discrete and integrated. Programmable switches provide a discrete approach
where the processing of the messages is architecturally separated from the business of
programs into the node. Users would first inject their custom processing
routines into the required routers. Then they would send their packets through such
programmable nodes. When a packet arrives at a node, its header is examined and the
gram is dispatched to operate on its contents. Capsules provide a more
extreme view of active networks in which every message is a program. Every message, or
capsule, that passes between nodes contains a program fragment that may include
embedded data. Whe
n a capsule arrives at an active node, its contents are evaluated.
Development of this infrastructure suggests development
of common models for
program encoding, the built
in primitives available at each node, and the description and
allocation of node
Active networks [
e new applications that rely on
the network based
merging of information, user
aware network protection, and active network management.
] discusses the potential impact of active network services on applic
how such services can be built and deployed. It presents an architecture that adds
extensibility at the network layer and allows for incremental deployment of active nodes
within the network. [
] argues that the ability to introduce active
important opportunities for end
end performance improvement of distributed
applications. It presents and analyzes the performance of an active network protocol that
uses caching within the network backbone to reduce load on both servers
4. Promising directions for future research:
the research done so far, current network
still vulnerable to
a variety of
malicious attacks. There are several reasons that account for this network state. The
manifest themselves in innovative ways, defeating the mechanisms that defend
against a specific attack. Secondly, there is lack of deployment incentive for these
defenses. The amou
nt of instrumentation involved
and the added overhead also cause a
ce against large scale deployment of the solutions. With increasing usage of
wireless networks, attackers are exploiting new vulnerabilities in the network. Thus there
is a need to develop more robust solutions to defend against these attacks. In this sect
we discuss some potential dire
ctions to develop such defenses.
end nature and inherent probe selection flexibility of probing techniques
weight yet effective solutions. A possible research direction
evelop innovative probes that not just detect availability, but also compute
various performance metrics. One possible direction is to integrate probing techniques
with active networks, where probes could carry instructions to run specific routines at
cific nodes. Another approach could be
make probes carry self
with them to run on the destination nodes. Such powerful tools could provide innovative
and robust solutions to defend against many intelligent intrusions and DDoS attacks.
specific example of such probing techniques is to use probes that instruct a few selected
nodes to probabilistically drop or delay packets for a certain period of time. This
technique can help to detect false reporting of statistics by compromised nodes. M
research is needed to test the effectiveness of this scheme.
Another avenue of research worth exploring is to prevent compromised nodes from
detecting probe traffic, either by explicitly viewing the contents of packets passing
through them or through
an analysis of traffic patterns.
Use of encrypted tunnels can
prevent snooping by intermediate nodes, but has high overhead so it may not be desirable
to use for all traffic. A promising direction of research is to send probe traffic in the form
through different paths
to prevent an attacker from
correlating traffic patterns.
Both active probing and passive monitoring techniques have their own strengths and
weaknesses. However, the approaches complement each other in certain ways. An
active probing and passive monitoring solution can provide a sophisticated
solution against many malicious attacks. Passive monitoring techniques could provide
grained monitoring of per node performance parameters, while active probing could
n efficient correlation and analysis of the collected information.
With increasing usage of wireless networks and presence of dynamic environments like
MANETs, it is very important to develop solutions that can adapt to changing network
a need to develop
adaptive network monitoring
architecture. It would be interesting to explore solutions that could work
no topology information.
, we presented a survey of
communication against malicious attacks
. We presented various security measures
proposed to secure the
routing protocols. We then discussed various passive monitoring
and probing approaches proposed to secure the data plane.
ncluded with a
promising directions for future research to develop effective
secure communication in today's dynamic environment of wireless networks.
The views and conclusions contained in this document are those of the authors
should not be
interpreted as representing the official policies, either expressed or
implied of the Army Research
Laboratory or the U.S. Government.
a] I. Avramopoulos, H. Kobayashi, R. Wang, and A. Krishnamurthy,
“Highly Secure and E
fficient Routing”, In Proc. IEEE Infocom, Mar. 2004
b] I. Avramopoulos, H. Kobayashi, R. Wang, and A. Krishnamurthy,
“Amendment to Highly Secure and Efficient Routing,” Feb. 2004. Addendum to
c] I. Avramopoulos, A. Krishnamurthy
H. Kobayashi, and R.
“Nicephorus: Striking a Balance between the Recovery Capability and the Overhead
of Byzantine Detection,” Technical Report TR
04, Dept. of Computer Science,
[AVRA06] I. Avr
amopoulos and J. Rexford, “Stealth Probing: Efficient Data
Security for IP Routing,” In Proc. USENIX Annual Technical Conference, Boston,
MA, May 2006
[AWER02] B. Awerbuch, D. Holmer, C. Nita
Rotaru, and H. Rubens, “An On
Demand Secure Routing Prot
ocol Resilient to Byzantine Failures”, In Proc. ACM
Workshop on Wireless Security, Sep. 2002
[BAKE97] F. Baker and R. Atkinson, “RIP
2 MD5 Authentication,” RFC 2082, Jan.
[BASA01] S. Basagni, K. Herrin, E. Rosti, and D. Bruschi, “Secure Pebblenets
ACM International Symposium on Mobile Ad Hoc Networking and Comp
(MobiHoc 2001), pages 156
163, Long Beach, CA, Oct.
A. Bradley, S. Cheung, N. Puketza, B. Mukherjee, and R. A. Olsson,
“Detecting Disruptive Routers: A Distribute
d Network Monitoring Approach,” In
Proc. of the 1998 IEEE Symposium on Securit
y and Privacy, pp. 115
M. Brodie, I. Rish, S. Ma, G. Grabarnik, and N. Odintsova.
Technical report, IBM
M. Brown, D. Cheung, D. Hankerson, J. Hernandez, M. Kirkup, and A.
Menezes, “PGP in con
strained wireless devices,” in t
Symposium, USENIX, Aug. 2000
[BURC00] H. Burch and B. Cheswick, “Tracing Anonymous Packets to Their
Source”, 2000 Usenix LISA conference, New Orleans
[CHEU97] S. Cheung, “An Efficient Message Authentication Scheme for Link State
Routing,” In 13th Annual Computer Security Applications Conference, 1997.
[DAHI01] B. Dahill, B. Levine, C. Shields, and E.
Royer, “A Secure routing protocol
for ad hoc networks,” Technical Report 01
37, Department of Computer Science,
University of Massachusetts,
[GOOD01] M. T. Goodrich, “Efficient and secure network routing algorithms,”
tent filing, Jan. 2001.
[GOOD03] G. Goodell, W. Aiello, T. Griffin, J. Ioannidis, P. McDaniel, a
Rubin, “Working around BGP
: An incremental approach to improving security and
accuracy of interdomain routing,” In Proc. Network and Distributed System S
Symposium, NDSS 03, San Diego, CA, Feb. 2003.
[HAUS97] R. Hauser, A. Przygienda, and G. Tsudik, “Reducing the Cost of
Security in Link State Routing,” In Symposium on Network and Distributed Syste
Security (NDSS 97), pages 93
[HEFF98] A. Heffernan, “Protection of BGP Sessions via the TCP MD5 Sig
Option,” RFC 2385, Aug.
[HERZ00] A. Herzberg and S. Kutten, “Early Detection of Message Forwarding
SIAM Journal on Computing
, Vol. 30, No. 4, pages 1169
C. Hu, A. Perrig, and M. Sirbu, “SPV: A Secure Path Vector Routing
Scheme for Securing BGP,” In Proc. ACM SIGCOMM, Sep. 2004.
C. Hu, A. Perrig, and D. B. Johnson, “SEAD: Secure Efficient Distance
Vector Routing for Mobile
d Hoc Networks,” I
EEE WMCSA 2002, June
C. Hu, A. Perrig, and D. B. Johnson, “Ariadne: A Secure On
Routing Protocol for Wireless Ad Hoc Networks,” Technical Report TR01
Department of Computer Science, Rice University
P. Hubaux L. Buttyan, and S. Capkun, “The Quest for Security
Mobile Ad Hoc Networks,” in t
ACM Symposium on Mobile Ad Hoc
Networking and Computing, Oct. 2001.
R. Hughes, T. Aura,
M. Bishop, "Using Conservation of Flow
Security Mechanism in N
2000 IEEE Symposium on Security and
Privacy (S&P 2000), 2000.
D.B. Johnson, D.
A. Maltz, and J. Broch, “DSR: The Dynamic Source
Routing Protocol for Multi
Hop Wireless Ad Hoc Networks,” in Ad Hoc Net
ch. 5, pp. 139
[JUST03] M. Just, E. Kranakis,
T. Wan, “Resisting malicious packet dropping in
hoc networks using distributed probing,” in Proce
edings of ADHOC
NOW ’03, Oct.
[KENT00] S. Kent, C. L
ynn, and K. Seo. “Secure Border Gateway Protocol (Secure
IEEE Journal on Selected Areas in Communications
Vol. 18 No.
592, Apr. 2000.
[KRUU06] P. Kruus, D. Sterne, R. Gopaul, M. Heyman, B. Rivera, P. Budulas, B.
Luu, T. Johnson,
. Ivanic, “In Band Wormholes and Countermeasures in OLSR
Networks,” SecureComm2006, Baltimore, MD, Aug. 2006.
[LEE06] S. Lee, T. Wong, and H. Kim, “Secure Split Assignment Trajectory
Sampling: A Malicious Router Detection System,” in Proceedings of IEEE
onference on Dependable Systems and Networks (DSN), Jun
[LEGE98] U. Legedza, D. Wetherall,
J. Guttag, “Improving the Performance of
Distributed Applications Using Active Networks,”
In Proceedings of IEEE
INFOCOM 1998, pages
K93] G. Malkin, “
Traceroute Using an IP Option”,
S. Malkin, “RIP Version 2 Protocol Applicability Statement”, RFC
1722, Nov. 1994.
J. Giuli, K. Lai, and M. Baker, “Mitigating Routing
Misbehavior in Mob
ile Ad Hoc Networks”, ACM Mobicom 2000, Aug. 2000.
[MATH04] G. Mathur, V. Padmanabhan, and D. Simon, “Secure Routing in Open
Networks Using Secure Traceroute,” Technical Report MSR
Research, Jul. 2004.
MERIT Network Inc.,
Routing Arbiter for the NSFNET and
First Annual Report,”
[MIZR05] A. Mizrak, Y.
, K. Marzullo, and S. Savage, “
Malicious Routers,” In Proc. International Conference on Dependable Systems and
Networks, Jun. 200
[MURP96] S.L. Murphy and M.
R. Badger, “Digital signature protection of the OSPF
routing protocol,” in Symposium on Networks and Distributed Systems Security,
[MURP97] S. Murphy, M. Badger, and B. Wellington, “OSPF with dig
signatures,” RFC 2
, Jun. 1997.
[NATU05] M. Natu and A.S. Sethi, “Adaptive Fault Localization for Mobile, Ad
Battlefield Networks.” Proc. Milcom
2005, IEEE Military Communications
Conference, Atlantic City, NJ
, Oct. 2005
[NATU06] M. Natu and A.S. Sethi, “Active Pro
bing Approach for Fault Localization
in Computer Networks.” Proc. End
End Monitoring Workshop, Vancouver, B.C.,
, Apr. 2006
[PADM02] V. Padmanabhan and D. Simon, “Secure Traceroute to Detect Faulty or
Malicious Routing,” In Proc. ACM SIGCOMM Hot
Nets Workshop, Oct. 2002.
[PAPA02] P. Papadimitratos and Z. Haas, “Secure routing for mobile ad hoc
networks,” in SCS Communication Networks and Distributed Modeli
Simulation Conference, pages 27
[PERK00] C.E. Perkins and E.
“Ad hoc Networking”, In
Ad hoc On
Demand Distance Vector Routing. Addison
[PERL88] R. Perlman, “Network Layer Protocols with Byzantine Robustness
Department of Electrical Engineering a
nd Computer Science, MIT, Aug.
ERL99] R. Perlman, “Interconnections: Bridges, Routers, Switches, and
Internetworking Protocols”, Addison
Wesley Professional Computing Series, Second
[PERR01] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar, “SPINS:
tocols for Sensor Networks,” In Seventh Annual ACM International
Conference on Mobile Computing and Networks (MobiCom 2001), Rome, Italy, July
D. Qu, B.
Vetter, F. Wang, R. Narayan, S.F. Wu, Y.
F. Jou, F. Gong, and
C. Sargor, “Statistical an
omaly detection for link
state routing protocols," in IEEE
Symposium on Security and Privacy (5 Minutes), May 1997.
] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, “Practical Network
Support for IP Traceback,” ACM SIGCOMM 2000, Aug. 2000.
b] S. Savage, D. Wetherall, A. Karlin, and T. Anderson. “Practical Network
Support for IP Traceback”, ACM SIGCOMM 2000, Aug. 2000.
[SCHW00] B. Sch
wartz, A.W. Jackson, W.T. Strayer, W. Zhou, R.
D. Rockwell, and
C. Partridge, "Smart Packets: Applying
Active Networks to Network Management,"
ACM Transactions on Computer Systems
, Vol. 18, No. 1, 2000, pp. 67
[SMIT97] B. Smith, S. Murthy, and J. Garcia
Aceves, “Securing Distance
Vector Routing Protocols,” In Proc. Symposium on Network and Distrib
Security, NDSS '96, San Diego, CA, 1997.
[SMIT98] B. Smith and J. Garcia
nt security mechanisms for
the Border G
21 No. 3, pages
Subramanian, V. Roth, I. Sanchez, S. Shenker, and R. Katz, “Listen and
Whisper: Security mechanisms for BGP,” In Proc. Symposium on Networked System
Design and Implementation, Mar. 2004.
D. Tennhouse, J. Smith, W. Sincoskie, D. Wetherall, and G.
survey of active network research,”
IEEE Communications Magazine
Vol. 35 No. 1,
D. Wetherall, U. Legedza, and J. Guttag, "Introducing New Internet
Services: Why and How,”
, July/August 1998.
97] S.F. Wu, F.Y. Wang, B.M. Vetter, W.R. Cleaveland, Y.
F. Jou, F. Gong, and
C. Sargor, “Intrusion detection for link
state routing protocols,” in IEEE Symposium
on Security and Privacy, 1997.
U99] S. Wu, H. Chang, D. Qu, F.W.
F. Jou, F. Gong, C. Sargor,
Cleaveland, “JiNao: Design and implementation of a scalable intrusion detection
system for the OSPF routing protocol,"
Journal of Computer Networks and ISDN
[YI01] S. Yi, P. Naldurg, and R. Kravets, “Security aware ad hoc rout
networks,” in the
ACM Symposium on Mobile Ah Hoc Networking and
Computing, Oct. 2001.
G. Zapata, “Secure Ad hoc On
Demand Distance Vector (SAODV)
g,” IETF Internet Draft, Aug.
[ZHAN98] K. Zhang, “Efficient protoco
ls for signing routing messages,” in
Symposium on Networks and Distributed Systems Security, 1998.
[ZHOU99] L. Zhou and Z. Haas, “Securing Ad Hoc Networks,”
13 No. 6,
[ZHU02] D. Zhu, M. Gritter, and D. Cheriton, “Feedba
ck based routing,” In Proc.
ACM SIGCOMM HotNets Workshop, Oct. 2002.
[ZIMM95] P. Zimmerman, “The Official PGP User's Guide,” MIT Press, 1995.