
Security Enhancement Technology For Packet Entire-forwarding Process

Posted on: 2020-07-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Wu
GTID: 1368330626964469
Subject: Computer Science and Technology
Abstract/Summary:
The current Internet is vulnerable to various attacks, such as source spoofing and traffic hijacking, during the packet entire-forwarding process, in which packets are generated at the source, forwarded through routing nodes, and received by the destination. This introduces serious threats to the authenticity of communicating end-hosts and the trustworthiness of the communication process. Existing security guarantee technologies, represented by source and path verification and fault localization, can identify both abnormal packets and misbehaving network entities, which helps ensure the security of the packet entire-forwarding process. However, they face the following challenges in terms of efficiency, robustness, and deployment incentives. First, source and path verification inevitably imposes a non-trivial network overhead, seriously affecting packet forwarding efficiency. Second, fault localization is easily disrupted or outplayed by intermediate routing nodes, which degrades localization accuracy and reduces its availability. Finally, these security technologies are hard to deploy because incentives are lacking. Meanwhile, existing incentives mainly rely on a centralized third party and are vulnerable to a single point of failure or a single point of evil, which reduces the real-world deployability of source and path verification and fault localization.

To address the above challenges, this paper starts with three research goals: efficient source and path verification, highly robust fault localization, and decentralized and automatic incentives. In particular, a security enhancement technology for the packet entire-forwarding process is proposed, whose contributions are as follows.

1. This paper proposes an efficient source and path verification mechanism called PPV that is based on probabilistic packet marking. For the packet entire-forwarding process, existing source and path verification faces the challenges of higher verification overhead and communication overhead, and lower forwarding efficiency. This paper designs the PPV mechanism, which enables routing nodes to perform probabilistic packet marking instead of verifying all packets in a hop-by-hop fashion. It thus lowers the communication overhead (i.e., the additional length of the packet header) and the verification overhead, which ensures high efficiency of packet forwarding verification. The experimental results demonstrate the high forwarding efficiency of PPV, which outperforms the state-of-the-art scheme and achieves around 2 times and 3 times improvement in terms of throughput and goodput, respectively.

2. This paper proposes a highly robust fault localization mechanism called RFL for unreliable forwarding channels. During fault localization, intermediate routing nodes on unreliable forwarding channels can try to interfere with it by disrupting the transmission of either the secret key distribution or the packet sampling information. Based on that, this paper designs RFL, which enables a timer for each routing node. When the secret keys or sampling information are maliciously modified, dropped, or redirected, the upstream node's timer expires, so that the secret keys or sampling information can still be delivered back to the source. Based on the received information, the source can still localize the offending node. The experimental results show that RFL achieves over 99.5% localization accuracy while introducing only 10% throughput degradation.

3. This paper proposes a decentralized and automatic incentive mechanism called Smart Crowd for the packet entire-forwarding process. The deployment of both PPV and RFL proposed in this paper lacks secure and reliable incentives. To address this issue, this paper designs the Smart Crowd mechanism, which leverages blockchain and smart contract technologies to introduce decentralized and automatic incentives. Smart Crowd can attract and incentivize more distributed detectors to identify whether source spoofing and traffic hijacking attacks occur during the packet entire-forwarding process, enhancing accountability in current networks. Internet users can select a more secure and reliable ISP based on the detection results recorded in the blockchain-based ledger. The experimental results show that Smart Crowd has both technical feasibility and financial benefits, and that its properties of decentralization and automation can be used to build a secure Internet ecosystem.
Keywords/Search Tags:Packet Entire-Forwarding Process, Source and Path Verification, Fault Localization, Incentives, Blockchain