TY - GEN
T1 - TARN
T2 - 12th International Conference on Malicious and Unwanted Software, MALWARE 2017
AU - Yu, Lu
AU - Wang, Qing
AU - Barrineau, Geddings
AU - Oakley, Jon
AU - Brooks, Richard R.
AU - Wang, Kuang Ching
N1 - Publisher Copyright: © 2017 IEEE.
PY - 2017/7/2
Y1 - 2017/7/2
N2 - Destination IP prefix-based routing protocols are core to Internet routing today. Internet autonomous systems (AS) possess fixed IP prefixes, while packets carry the intended destination AS's prefix in their headers, in clear text. As a result, network communications can be easily identified using IP addresses and become targets of a wide variety of attacks, such as DNS/IP filtering, distributed Denial-of-Service (DDoS) attacks, man-in-the-middle (MITM) attacks, etc. In this work, we explore an alternative network architecture that fundamentally removes such vulnerabilities by disassociating the relationship between IP prefixes and destination networks, and by allowing any end-to-end communication session to have dynamic, short-lived, and pseudo-random IP addresses drawn from a range of IP prefixes rather than one. The concept is seemingly impossible to realize in todays Internet. We demonstrate how this is doable today with three different strategies using software defined networking (SDN), and how this can be done at scale to transform the Internet addressing and routing paradigms with the novel concept of a distributed software defined Internet exchange (SDX). The solution works with both IPv4 and IPv6, whereas the latter provides higher degrees of IP addressing freedom. Prototypes based on Open vSwitches (OVS) have been implemented for experimentation across the PEERING BGP testbed. The SDX solution not only provides a technically sustainable pathway towards large-scale traffic analysis resistant network (TARN) support, it also unveils a new business model for customer-driven, customizable and trustable end-to-end network services.
AB - Destination IP prefix-based routing protocols are core to Internet routing today. Internet autonomous systems (AS) possess fixed IP prefixes, while packets carry the intended destination AS's prefix in their headers, in clear text. As a result, network communications can be easily identified using IP addresses and become targets of a wide variety of attacks, such as DNS/IP filtering, distributed Denial-of-Service (DDoS) attacks, man-in-the-middle (MITM) attacks, etc. In this work, we explore an alternative network architecture that fundamentally removes such vulnerabilities by disassociating the relationship between IP prefixes and destination networks, and by allowing any end-to-end communication session to have dynamic, short-lived, and pseudo-random IP addresses drawn from a range of IP prefixes rather than one. The concept is seemingly impossible to realize in todays Internet. We demonstrate how this is doable today with three different strategies using software defined networking (SDN), and how this can be done at scale to transform the Internet addressing and routing paradigms with the novel concept of a distributed software defined Internet exchange (SDX). The solution works with both IPv4 and IPv6, whereas the latter provides higher degrees of IP addressing freedom. Prototypes based on Open vSwitches (OVS) have been implemented for experimentation across the PEERING BGP testbed. The SDX solution not only provides a technically sustainable pathway towards large-scale traffic analysis resistant network (TARN) support, it also unveils a new business model for customer-driven, customizable and trustable end-to-end network services.
UR - https://www.scopus.com/pages/publications/85050893768
U2 - 10.1109/MALWARE.2017.8323961
DO - 10.1109/MALWARE.2017.8323961
M3 - Conference contribution
T3 - Proceedings of the 2017 12th International Conference on Malicious and Unwanted Software, MALWARE 2017
SP - 91
EP - 98
BT - Proceedings of the 2017 12th International Conference on Malicious and Unwanted Software, MALWARE 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 11 October 2017 through 14 October 2017
ER -