1. NTUST - Mobilizing Information Technology Lab
NEW SECURE ROUTING METHOD &
APPLICATIONS FACING MITM ATTACKS
Next Generation Networks and Services (NGNS), 2014
Advisor: Jenq-Shiou Leu
Student: Bing-Syuan Wang
Date: 2015/05/12
National Taiwan University of Science and Technology
2. NTUST - Mobilizing Information Technology Lab
Outline
• Introduction
• Graph theory in computer network
• Algorithm for pathfinder
• Choice of a secure combination of paths to use
• Conclusion
3. NTUST - Mobilizing Information Technology Lab
Introduction
• The majority of security solutions proposed so far are located at the user
application level (anti-virus, intrusion detector…).
• Routing is the act of moving information across an Internetwork from a source
to a destination.
• Packet sniffing allows individuals to capture data as it is transmitted over a
network.
• MITM: Man-in-the-middle attack
4. NTUST - Mobilizing Information Technology Lab
Introduction
• Using Graph Theory
• Choose from possible paths given by
pathfinder algorithm, all combinations
that meet a number of criteria such as
safety, speed, buffer size, etc.
5. NTUST - Mobilizing Information Technology Lab
Graph theory in computer network
• $G = (V, E)$, where $V$ is the set of vertices and $E$ is the set of edges, formed by
pairs of vertices.
• Under this condition every graph can be represented as a simple matrix called the
adjacency matrix.
• The adjacency matrix of $G = (V, E)$ is an $n \times n$ matrix $D = (d_{ij})$, where $n$ is the
number of nodes in $G$ and $d_{ij}$ represents the weight of each edge.
6. NTUST - Mobilizing Information Technology Lab
Graph theory in computer network
• To go from n1 to n6 we have:
n1 → n2 → n3 → n6
• And
n1 → n2 → n5 → n3 → n6
7. NTUST - Mobilizing Information Technology Lab
Algorithm for pathFinder
• Source = n0
• Destination = n2
8. NTUST - Mobilizing Information Technology Lab
Algorithm for pathFinder
• No impact is foreseen on routers if the number of hops does not exceed 12
9. NTUST - Mobilizing Information Technology Lab
Choice of a secure combination of paths to use
• Source n0 and Destination n8
10. NTUST - Mobilizing Information Technology Lab
Choice of a secure combination of paths to use
• The best solution is to have at minimum two paths ($P_i$ and $P_j$) with the same
weight ($w_i = w_j$) that also use different intermediate nodes
• OSPF: Open Shortest Path First
• Two paths with the same smallest total weight = 4
n0 → n4 → n8 = 4
n0 → n1 → n2 → n5 → n8 = 4
11. NTUST - Mobilizing Information Technology Lab
Choice of a secure combination of paths to use
• When such a solution is not possible, we can consider another option,
which is to look for two paths that satisfy the condition
$m_i \times w_i = m_j \times w_j$
• Again, from the previous example we can consider the solution:
n0 → n1 → n2 → n5 → n8 = 4
n0 → n3 → n6 → n4 → n7 → n8 = 8
• With:
$m_1 = 2$ (2 messages on $P_1$, load of 67%)
$w_1 = 4$
$m_2 = 1$ (1 message on $P_2$, load of 33%)
$w_2 = 8$
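
The two selection rules above (equal-weight disjoint paths, then the m × w balance), as an added example that is not code from the paper or the slides. The edge weights are constructed so that the three quoted paths cost 4, 4 and 8; positive integer weights are assumed, and the function names are hypothetical.

```python
from itertools import combinations
from math import gcd

# Constructed topology (assumption, not the slide's figure): undirected edge
# weights chosen so the three paths quoted on the slides cost 4, 4 and 8.
EDGES = {
    ("n0", "n4"): 2, ("n4", "n8"): 2,
    ("n0", "n1"): 1, ("n1", "n2"): 1, ("n2", "n5"): 1, ("n5", "n8"): 1,
    ("n0", "n3"): 1, ("n3", "n6"): 1, ("n6", "n4"): 1,
    ("n4", "n7"): 2, ("n7", "n8"): 3,
}

def build_adj(edges):
    """Turn the edge list into a symmetric weighted adjacency map."""
    adj = {}
    for (a, b), w in edges.items():
        adj.setdefault(a, {})[b] = w
        adj.setdefault(b, {})[a] = w
    return adj

def simple_paths(adj, src, dst, path=None, weight=0):
    """Yield (path, total_weight) for every loop-free path from src to dst."""
    path = path or (src,)
    if path[-1] == dst:
        yield path, weight
        return
    for nxt, w in adj[path[-1]].items():
        if nxt not in path:
            yield from simple_paths(adj, src, dst, path + (nxt,), weight + w)

def secure_pairs(edges, src, dst):
    """Return (equal, balanced) lists of path pairs sharing no intermediate node.
    equal:    (Pi, Pj, w) with wi == wj.
    balanced: (Pi, wi, mi, Pj, wj, mj) with mi * wi == mj * wj, smallest integers."""
    paths = sorted(simple_paths(build_adj(edges), src, dst), key=lambda t: (t[1], t[0]))
    equal, balanced = [], []
    for (p, wp), (q, wq) in combinations(paths, 2):
        if set(p[1:-1]) & set(q[1:-1]):
            continue  # a shared router would see traffic from both paths
        if wp == wq:
            equal.append((p, q, wp))
        else:
            g = gcd(wp, wq)
            balanced.append((p, wp, wq // g, q, wq, wp // g))
    return equal, balanced

if __name__ == "__main__":
    equal, balanced = secure_pairs(EDGES, "n0", "n8")
    print("equal-weight disjoint pairs:", equal)
    for p, wp, mp, q, wq, mq in balanced:
        print(f"{mp} msg on {'→'.join(p)} (w={wp}), {mq} msg on {'→'.join(q)} (w={wq})")
```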
12. NTUST - Mobilizing Information Technology Lab
Conclusion
• Using graph theory, this paper developed a new way of routing that indirectly
includes the notion of security. A simulation was done to confirm that this new
method will not have any major impact on router performance.
• This paper highlighted some conditions to be used in order to choose the
safest combination of paths.
• Finally, optimization is still needed in order to handle more nodes in
one AREA, and also to add the possibility of showing only the most secure paths in
one algorithm.
Editor's Notes
or at most between Layer 4 and 7 like: Firewall (Access Control List), IPsec, Transport Layer Security …, when it is also possible to introduce security in the lower layers such as the network layer, where we have the famous router.