As the processing and communicating hubs of core networks, routers and switches that contain vulnerabilities may process packets in abnormal ways, which does great harm to network security. To ensure the confidentiality, integrity and availability of core networks, this paper designs a set of security policies and policy-violation detectors. Moreover, a definition and quantifier of the trustworthy degree of router and switch behaviors, together with trusted routing protocols, are presented on the basis of policy-violation detection in order to achieve high performance. The proposal is composed of policy-violation detectors for recognizing and restraining packets whose data have been intercepted or whose source IP addresses have been altered, a trustworthy-degree quantifier for router and switch behaviors, and trusted routing protocols. The main contributions of this paper are summarized as follows.

1. Design and implementation of a policy for defending against data interception attacks. To defend against attacks in which adversaries exploit router/switch vulnerabilities to intercept data, this paper presents a routing and switching security policy, a policy-violation detection algorithm and a detector model. The algorithm is optimized for high performance. Theoretical analysis and simulations show that 100% of normal packets pass through the detector, while about 99.92% of intercepting packets are caught. In addition, the throughput of the detector reaches the Gbps level.

2. Design and implementation of a policy for defending against source IP address altering attacks. To defend against attacks in which source IP addresses are altered by sending hosts or by intermediate routers/switches, this paper proposes a routing and switching security policy and a policy-violation detector model. Compared with other approaches, the proposed defense mechanism not only recognizes attacking packets instantly, but is also applicable to all types of TCP/IP networks and easy to deploy. Theoretical analysis and simulation results also show that its performance exceeds that of current solutions with the same capabilities.

3. Trustworthy-degree quantifier of router and switch behaviors, and trusted routing protocols. Although the policies proposed in contributions 1 and 2 ensure the confidentiality, integrity and availability of core networks, the throughput of the detectors is limited by detection efficiency and cannot satisfy the needs of convergence-layer networks. This paper therefore presents a set of fast, trusted routing protocols, composed of a method for defining and quantifying the trustworthy attributes of a router/switch and a set of routing protocols that direct packets along the most trusted path. Simulations and theoretical analysis show that the trusted routing protocols ensure that the trustworthy degree between every pair of devices is higher than a given threshold, and that transmission efficiency reaches the 10 Gbps level.
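The abstract states the goal of contribution 3 (route packets along the most trusted path, and keep the trust between every pair of devices above a threshold) but not the quantifier or the path-selection rule. The following is an added illustration, not code from the paper: it assumes per-link trust values in [0, 1] derived from policy-violation verdicts (an exponentially weighted update, `update_trust`, is an assumption), takes the trust of a path to be the trust of its weakest link, and prunes links below the threshold before running a widest-path variant of Dijkstra. The topology, link trusts and threshold are constructed sample input. It also shows the failure mode a practitioner cares about: when no path clears the threshold, the function returns `None` rather than silently falling back to an untrusted route.

```python
import heapq
from typing import Dict, List, Optional, Tuple

# node -> neighbour -> trust degree of that link, in [0, 1]
Graph = Dict[str, Dict[str, float]]


def update_trust(current: float, violated: bool, alpha: float = 0.1) -> float:
    """Assumed trust quantifier: exponentially weighted average of detector
    verdicts (1 = packet passed the policy check, 0 = violation observed).
    The paper's own quantifier is not given in the abstract."""
    sample = 0.0 if violated else 1.0
    return (1.0 - alpha) * current + alpha * sample


def undirected(links: List[Tuple[str, str, float]]) -> Graph:
    """Build a symmetric adjacency map from (u, v, trust) triples."""
    graph: Graph = {}
    for u, v, trust in links:
        graph.setdefault(u, {})[v] = trust
        graph.setdefault(v, {})[u] = trust
    return graph


def most_trusted_path(graph: Graph, src: str, dst: str,
                      threshold: float) -> Optional[Tuple[List[str], float]]:
    """Widest-path Dijkstra: maximise the minimum link trust along the path.
    Links whose trust is below `threshold` are excluded entirely, so any
    returned path satisfies the pairwise-threshold guarantee. Returns
    (path, path_trust), or None if no path clears the threshold."""
    best: Dict[str, float] = {src: 1.0}   # best bottleneck trust seen so far
    prev: Dict[str, str] = {}
    heap: List[Tuple[float, str]] = [(-1.0, src)]  # max-heap via negation
    settled = set()
    while heap:
        neg_trust, node = heapq.heappop(heap)
        trust = -neg_trust
        if node in settled:
            continue
        settled.add(node)
        if node == dst:
            break
        for nbr, link_trust in graph.get(node, {}).items():
            if link_trust < threshold:
                continue                       # policy: never use this link
            candidate = min(trust, link_trust)
            if candidate > best.get(nbr, 0.0):
                best[nbr] = candidate
                prev[nbr] = node
                heapq.heappush(heap, (-candidate, nbr))
    if dst not in best:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    path.reverse()
    return path, best[dst]


# Constructed sample topology (not from the paper). Link C-D has a low trust
# degree, e.g. because its detector reported repeated policy violations.
SAMPLE_GRAPH = undirected([
    ("A", "B", 0.95),
    ("B", "D", 0.90),
    ("A", "C", 0.99),
    ("C", "D", 0.60),
    ("C", "E", 0.97),
    ("E", "D", 0.98),
])

if __name__ == "__main__":
    # Hop-count routing would pick A-B-D or A-C-D; trusted routing avoids
    # the 0.60 link and takes the longer but more trustworthy A-C-E-D.
    print(most_trusted_path(SAMPLE_GRAPH, "A", "D", threshold=0.8))
    # With a stricter threshold no path qualifies, and we report that
    # instead of routing over an untrusted link.
    print(most_trusted_path(SAMPLE_GRAPH, "A", "D", threshold=0.98))
```

The weakest-link (max-min) metric is one choice; a multiplicative metric (product of link trusts) is another common one, and substituting it only changes the `candidate` line and the ordering. What matters operationally is the pruning step: the threshold is enforced as a hard policy before path selection, so the routing protocol cannot be talked into a low-trust link merely because it is the only short one.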