routing security
Recently Published Documents


TOTAL DOCUMENTS

90
(FIVE YEARS 23)

H-INDEX

12
(FIVE YEARS 2)

2021 ◽  
Vol 5 (6) ◽  
pp. 1161-1170
Author(s):  
Valen Brata Pranaya ◽  
Theophilus Wellem

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validate the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.


Webology ◽  
2021 ◽  
Vol 18 (Special Issue 04) ◽  
pp. 1479-1498
Author(s):  
R. Deeptha

Mobile Ad Hoc NETwork (MANET) is the most desired topic of research amidst researchers mainly because of its flexibility and independent nature of network infrastructures. MANET's unique characteristics, like the dynamic behaviour related to network topology, limited bandwidth and battery resources, make routing a challenging task. Currently, several efficient routing protocols based on topology and geographical information have been proposed for MANET. However, most of them assume a trusted and cooperative oriented environment. With the influence of adversaries, the MANET routing protocols are vulnerable to various kinds of attacks. Recently, several research efforts have been made to counter these adversarial activities. This survey investigates the latest and on demand security concerns in MANET. This paper comprehensively discusses the existing attacks in the network layer, various categories of defense mechanisms in the literature, and their benefits and defects when applying to MANET. This paper also classifies the attacks and defense mechanisms based on the routing nature, such as topological and geographical. It also discusses intrusion detection systems as well as anonymous routing in MANETs. Finally, it discusses the challenges and future directions in routing security over the MANET environment.


2021 ◽  
Vol 10 (1) ◽  
pp. 8-11
Author(s):  
Michael Schapira

Combatting internet time shifters

Arguably, the internet’s biggest security hole is the Border Gateway Protocol (BGP), which establishes routes between the organisational networks that make up the internet (e.g. Google, Facebook, Bank of England, Deutsche Telekom, AT&T). The insecurity of the internet’s routing system is constantly exploited to steal, monitor, and tamper with data traffic. Yet, despite many years of Herculean efforts, internet routing security remains a distant dream. The goal of the SIREN project is to propose and investigate novel paradigms for closing this security hole.


2021 ◽  
Vol 13 (7) ◽  
pp. 171
Author(s):  
Pang-Wei Tsai ◽  
Aris Cahyadi Risdianto ◽  
Meng Hui Choi ◽  
Satis Kumar Permal ◽  
Teck Chaw Ling

In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding routing disruption, one of the fundamental vulnerabilities in BGP is a lack of insurance in validating authority for announcing network layer reachability. Therefore, a distributed repository system known as Resource Public Key Infrastructure (RPKI) has been utilized to mitigate this issue. However, such a validation requires further deployment steps for Autonomous System (AS), and it might cause performance and compatibility problems in legacy network infrastructure. Nevertheless, with recent advancements in network innovation, some traditional networks are planning to be restructured with Software-Defined Networking (SDN) technology for gaining more benefits. By using SDN, Internet eXchange Point (IXP) is able to enhance its capability of management by applying softwarized control methods, acting as a Software-Defined eXchange (SDX) center to handle numerous advertisements adaptively. To use the SDN method to strengthen routing security of IXP, this paper proposed an alternative SDX development, SD-BROV, an SDX-based BGP Route Origin Validation mechanism that establishes a flexible route exchange scenario with RPKI validation. The validating application built in the SDN controller is capable of investigating received routing information. It aims to support hybrid SDN environments and help non-SDN BGP neighbors to get trusted routes and drop suspicious ones in transition. To verify the proposed idea in an emulated environment, the proof-of-concept development is deployed on an SDN testbed running over Research and Education Networks (RENs). During the BGP hijacking experiment, the results show that the developed SD-BROV is able to detect and stop legitimate traffic from being redirected by an attacker, making an approach to secure traffic forwarding on BGP routers.


Author(s):  
Conglin Ran ◽  
Shuailing Yan ◽  
Liang Huang ◽  
Lei Zhang

Abstract Ad hoc network is a special network with centerless and dynamic topology. Due to the free mobility of the nodes, routing security has been a bottleneck problem that plagues its development. Therefore, a multi-path QoS (quality of service) routing security algorithm based on blockchain by improving the traditional AODV (ad hoc on-demand distance vector) protocol (AODV-MQS) is proposed. Firstly, a chain of nodes is established in the network and the states of all nodes by making the intermediate nodes on the chain are saved. Secondly, the smart contract in the blockchain is set to filter out the nodes that meet the QoS constraints. Finally, two largest unrelated communication paths are found in the blockchain network through smart contract, one of which is the main path and the other is the standby path. Simulation experiments show that the performance of the proposed algorithm is better than other algorithms, especially in an unsafe environment.


2021 ◽  
Author(s):  
Conglin Ran ◽  
Shuailing Yan ◽  
Liang Huang ◽  
Lei Zhang

Abstract Ad Hoc network is a special network with centerless and dynamic topology. Due to the free mobility of the nodes, routing security has been a bottleneck problem that plagues its development. Therefore, a multi-path QoS (Quality of Service) routing security algorithm based on blockchain by improving the traditional AODV (Ad hoc On-Demand Distance Vector) protocol (AODV-MQS) is proposed. Firstly, a chain of nodes is established in the network and the states of all nodes by making the intermediate nodes on the chain are saved. Secondly, the smart contract in the blockchain is set to filter out the nodes that meet the QoS constraints. Finally, two largest unrelated communication paths are found in the blockchain network through smart contract, one of which is the main path and the other is the standby path. Simulation experiments show that the performance of the proposed algorithm is better than other algorithms, especially in an unsafe environment.


Energies ◽  
2020 ◽  
Vol 14 (1) ◽  
pp. 89
Author(s):  
Khalid Haseeb ◽  
Naveed Islam ◽  
Yasir Javed ◽  
Usman Tariq

The Wireless Sensor Network (WSN) has seen rapid growth in the development of real-time applications due to its ease of management and cost-effective attributes. However, the balance between optimization of network lifetime and load distribution between sensor nodes is a critical matter for the development of energy-efficient routing solutions. Recently, many solutions have been proposed for constraint-based networks using the cloud paradigm. However, they achieve network scalability with the additional cost of routing overheads and network latency. Moreover, the sensors’ data is transmitted towards application users over the uncertain medium, which leads to compromised data security and its integrity. Therefore, this work proposes a light-weight secure and energy-efficient fog-based routing (SEFR) protocol to minimize data latency and increase energy management. It exploits the Quality of Service (QoS) factors and facilitates time-sensitive applications with network edges. Moreover, the proposed protocol protects real-time data based on two levels of cryptographic security primitives. In the first level, a lightweight data confidentiality scheme is proposed between the cluster heads and fog nodes, and in the second level, a high-performance asymmetric encryption scheme is proposed among fog and cloud layers. The analysis of simulation-based experiments has proven the significant outcomes of the proposed protocol compared to existing solutions in terms of routing, security, and network management.


2020 ◽  
Author(s):  
Conglin Ran ◽  
Shuailing Yan ◽  
Liang Huang ◽  
Lei Zhang

Abstract Ad Hoc network is a special network with no center and dynamic topology changes. Due to the free mobility of nodes, routing security has always been a bottleneck problem that plagues network development. Therefore, this paper proposes a multi-path QoS (Quality of Service) routing security algorithm based on blockchain by improving the traditional AODV (Ad hoc On-Demand Distance Vector) protocol (AODV-MQS). The algorithm first establishes a blockchain network and saves the state of all nodes by making the intermediate nodes on the chain. Then the smart contract in the blockchain is set to filter out the nodes that meet the QoS constraints. Finally, two largest unrelated communication paths are found in the blockchain network through smart contract, one of which is the main path and the other is the standby path. Simulation experiments show that this algorithm has better performance than other algorithms in an unsafe environment.

