Securing User-Controlled Routing Infrastructures

(Synopsis)

Abstract:
Designing infrastructures that give untrusted third parties (such as end-hosts) control over routing is a promising research direction for achieving flexible and efficient communication. However, serious concerns remain over the deployment of such infrastructures, particularly the new security vulnerabilities they introduce. The flexible control plane of these infrastructures can be exploited to launch many types of powerful attacks with little effort. In this paper, we make several contributions towards studying security issues in forwarding infrastructures (FIs). We present a general model for an FI, analyze potential security vulnerabilities, and present techniques to address these vulnerabilities. The main technique that we introduce in this paper is the use of simple lightweight cryptographic constraints on forwarding entries. We show that it is possible to prevent a large class of attacks on endhosts and bound the flooding attacks that can be launched on the infrastructure nodes to a small constant value. Our mechanisms are general
and apply to a variety of earlier proposals such as , DataRouter, and Network Pointers.

Scope of this Projects:

Data Router uses IP routing, and uses the Chord lookup protocol. Addressing security issues of these underlying protocols is beyond the scope of this paper

Introduction:
SEVERAL recent proposals have argued for giving third parties and endusers control over routing in the network infrastructure. Some examples of such routing architectures include TRIAD [6], [30], NIRA [39], Data Router, and Network Pointers. While exposing control over routing to third parties departs from conventional network architecture, these proposals have shown that such control significantly increases the flexibility and extensibility of these networks. Using such control, hosts can achieve many functions that are difficult to achieve in the Internet today. Examples of such functions include mobility, multicast, content routing, and service composition. Another somewhat surprising application is that such control can be used by hosts to protect themselves from packet-level denial-of-service (DoS) attacks [18], since, at the extreme, these hosts can remove the forwarding state that malicious hosts use to forward packets to the hosts. While each of these specific functions can be achieved using a specific mechanismfor example, mobile IP allows host mobilitywe believe that these forwarding infrastructures (FIs) provide architectural simplicity and uniformity in providing several functions that makes them worth exploring.

Existing:
SEVERAL recent proposals have argued for giving thirdparties and endusers control over routing in the network infrastructure. Some examples of such routing architectures include TRIAD NIRA DataRouter and Network Pointers. While exposing control over routing to third-parties departs from conventional network architecture, these proposals have shown that such control significantly increases the flexibility and extensibility of these networks. Using such control, hosts can achieve many functions that are difficult to achieve in the Internet today. Examples of such functions include mobility, multicast, content routing, and service composition. Another somewhat surprising application is that such control can be used by hosts to protect themselves from packet-level denial-of-service (DoS) attacks, since, at the extreme, these hosts can remove the forwarding state that malicious hosts use to forward packets to the hosts.While each of these specific functions can be achieved using a specific mechanismfor example, mobile IP allows host mobility we believe that these forwarding infrastructures (FIs) provide architectural simplicity and uniformity in providing several functions that makes them worth exploring.

Proposed:

We improve the security that flexible communication

infrastructures

which provide a diverse set of operations (such as packet replication) allow. Our main goal in this paper is to show that FIs are no more vulnerable than traditional communication networks (such as IP networks) that do not export control on forwarding. To this end, we present several mechanisms that make these FIs achieve certain specific security properties, yet retain the essential features and efficiency of their original design. Our main defense technique, which is based on light-weight cryptographic constraints on forwarding entries, prevents several attacks including eavesdropping, loops, and traffic amplification. From earlier work, we leverage some techniques, such as challenge-responses and erasure-coding, to thwart other attacks.

Software Requirements:

Software Interface

FRONT-END BACK-END Hardware Interface

: JAVA(SWING, NETWORKING) : MS-ACCESS

PROCESSOR RAM MONITOR HARD DISK KEYBOARD MOUSE

PENTIUM IV 2.6 GHz

: 512 MB DD RAM : 15 COLOR : : 40 GB STANDARD 102 KEYS

:3 BUTTON

Modules:
1. Login & file search 2. Access Specifier 3. i3 key generation 4. Monitoring access 5. Hackers Zone Login & file search In this module, the login process itself has lots of security. Usually the user account name and appropriate password of that account is enough to do the validation and login process, but here some more actions are given to make more security to the login process and get it the next action. The file search process is used to select the file to be send. For each file sending process a random key is generated and stored in the database for the further use for the module Access Specifier. The selected file is loaded to an area to view the data before sending. Access Specifier The Access Specifier module holds the entire key generated by the module i3 key generation. The keys are in two categories private, public to give more security to the data transmission. The private key allows sending the selected data to the particular location or system. The public key allows sending to all users whom all are currently available in the network. i3 key Generation

In the i3 key Generation module, a random key is generated for each action. This generated key is stored in the database. Using this key field this is connected to the Access Specifier module. This key can be categorized to public or private to the user access. A new method is used to generate the key randomly.

Monitoring Access Monitoring Access module takes care of the data sending through the network using the key. It accesses the database to check the validation for proper and improper user. It also monitors the hackers if any body accessing the data, which does not belong to the network. Hackers Zone
The node which is present in the different network or individual system accessing the data in the false name of a node which is present in the router network is called as hackers. The randomly generated key is not allocated to the hacker system.